Lucene search

MitreCVE-2020-13472

HistoryAug 31, 2020 - 4:15 p.m.

CVE-2020-13472

2020-08-3116:15:14

CWE-668

mitre

web.nvd.nist.gov

cve-2020-13472

gigadevice gd32f103

flash memory

readout protection

firmware extraction

debug interface

dma module

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module.

Affected configurations

Nvd

Node

gigadevicegd32f103_firmwareMatch-

AND

gigadevicegd32f103Match-

VendorProductVersionCPE
gigadevicegd32f103_firmware-cpe:2.3:o:gigadevice:gd32f103_firmware:-:*:*:*:*:*:*:*
gigadevicegd32f103-cpe:2.3:h:gigadevice:gd32f103:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gigadevice	gd32f103_firmware	-	cpe:2.3:o:gigadevice:gd32f103_firmware:-:::::::*
gigadevice	gd32f103	-	cpe:2.3:h:gigadevice:gd32f103:-:::::::*

References

www.usenix.org/system/files/woot20-paper-obermaier.pdf

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

Related for CVE-2020-13472