Lucene search

[email protected]CVE-2020-27212

HistoryMay 21, 2021 - 12:15 p.m.

CVE-2020-27212

2021-05-2112:15:07

CWE-74

[email protected]

web.nvd.nist.gov

cve-2020-27212

stm32l4

access control

nvd

security vulnerability

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (limited access via debug interface) by injecting a fault during the boot phase.

Affected configurations

NVD

Node

ststm32l412c8Match-

ststm32l412cbMatch-

ststm32l412k8Match-

ststm32l412kbMatch-

ststm32l412r8Match-

ststm32l412rbMatch-

ststm32l412t8Match-

ststm32l412tbMatch-

ststm32l422cbMatch-

ststm32l422kbMatch-

ststm32l422rbMatch-

ststm32l422tbMatch-

ststm32l431cbMatch-

ststm32l431ccMatch-

ststm32l431kbMatch-

ststm32l431kcMatch-

ststm32l431rbMatch-

ststm32l431rcMatch-

ststm32l431vcMatch-

ststm32l432kbMatch-

ststm32l432kcMatch-

ststm32l433cbMatch-

ststm32l433ccMatch-

ststm32l433rbMatch-

ststm32l433rcMatch-

ststm32l433vcMatch-

ststm32l442kcMatch-

ststm32l443ccMatch-

ststm32l443rcMatch-

ststm32l443vcMatch-

ststm32l451ccMatch-

ststm32l451ceMatch-

ststm32l451rcMatch-

ststm32l451reMatch-

ststm32l451vcMatch-

ststm32l451veMatch-

ststm32l452ccMatch-

ststm32l452ceMatch-

ststm32l452rcMatch-

ststm32l452reMatch-

ststm32l452vcMatch-

ststm32l452veMatch-

ststm32l462ceMatch-

ststm32l462reMatch-

ststm32l462veMatch-

ststm32l471qeMatch-

ststm32l471qgMatch-

ststm32l471reMatch-

ststm32l471rgMatch-

ststm32l471veMatch-

ststm32l471vgMatch-

ststm32l471zeMatch-

ststm32l471zgMatch-

ststm32l475rcMatch-

ststm32l475reMatch-

ststm32l475rgMatch-

ststm32l475vcMatch-

ststm32l475veMatch-

ststm32l475vgMatch-

ststm32l476jeMatch-

ststm32l476jgMatch-

ststm32l476meMatch-

ststm32l476mgMatch-

ststm32l476qeMatch-

ststm32l476qgMatch-

ststm32l476rcMatch-

ststm32l476reMatch-

ststm32l476rgMatch-

ststm32l476vcMatch-

ststm32l476veMatch-

ststm32l476vgMatch-

ststm32l476zeMatch-

ststm32l476zgMatch-

ststm32l486jgMatch-

ststm32l486qgMatch-

ststm32l486rgMatch-

ststm32l486vgMatch-

ststm32l486zgMatch-

ststm32l496aeMatch-

ststm32l496agMatch-

ststm32l496qeMatch-

ststm32l496qgMatch-

ststm32l496reMatch-

ststm32l496rgMatch-

ststm32l496veMatch-

ststm32l496vgMatch-

ststm32l496wgMatch-

ststm32l496zeMatch-

ststm32l496zgMatch-

ststm32l4a6agMatch-

ststm32l4a6qgMatch-

ststm32l4a6rgMatch-

ststm32l4a6vgMatch-

ststm32l4a6zgMatch-

AND

ststm32cubel4_firmwareRange≤1.16.0

CPENameOperatorVersion
st:stm32cubel4_firmwarest stm32cubel4 firmwarele1.16.0

CPE	Name	Operator	Version
st:stm32cubel4_firmware	st stm32cubel4 firmware	le	1.16.0

References

eprint.iacr.org/2021/640

www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html

www.aisec.fraunhofer.de/en/FirmwareProtection.html

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2020-27212

cvelist1 nvd1 prion1