Lucene search

[email protected]NVD:CVE-2023-35818

HistoryJul 17, 2023 - 4:15 p.m.

CVE-2023-35818

2023-07-1716:15:09

[email protected]

web.nvd.nist.gov

espressif esp32

emfi attack

eco3

pc value

cpu context

secure boot

flash encryption

rom download mode

encrypted flash content

cleartext format

stub code

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit another behavior in the chip to gain unauthorized access to the ROM download mode. Access to ROM download mode may be further exploited to read the encrypted flash content in cleartext format or execute stub code.

Affected configurations

NVD

Node

espressifesp32-d0wd-v3_firmwareMatch3.0

espressifesp32-d0wd-v3_firmwareMatch3.1

AND

espressifesp32-d0wd-v3Match-

Node

espressifesp32-d0wdr2-v3_firmwareMatch3.0

espressifesp32-d0wdr2-v3_firmwareMatch3.1

AND

espressifesp32-d0wdr2-v3Match-

Node

espressifesp32-u4wdh_firmwareMatch3.0

espressifesp32-u4wdh_firmwareMatch3.1

AND

espressifesp32-u4wdhMatch-

Node

espressifesp32-pico-v3_firmwareMatch3.0

espressifesp32-pico-v3_firmwareMatch3.1

AND

espressifesp32-pico-v3Match-

Node

espressifesp32-pico-v3-02_firmwareMatch3.0

espressifesp32-pico-v3-02_firmwareMatch3.1

AND

espressifesp32-pico-v3-02Match-

Node

espressifesp32-pico-d4_firmwareMatch3.0

espressifesp32-pico-d4_firmwareMatch3.1

AND

espressifesp32-pico-d4Match-

Node

espressifesp32-wroom-32e_firmwareMatch3.0

espressifesp32-wroom-32e_firmwareMatch3.1

AND

espressifesp32-wroom-32eMatch-

Node

espressifesp32-wroom-32ue_firmwareMatch3.0

espressifesp32-wroom-32ue_firmwareMatch3.1

AND

espressifesp32-wroom-32ueMatch-

Node

espressifesp32-wroom-da_firmwareMatch3.0

espressifesp32-wroom-da_firmwareMatch3.1

AND

espressifesp32-wroom-daMatch-

Node

espressifesp32-wrover-e_firmwareMatch3.0

espressifesp32-wrover-e_firmwareMatch3.1

AND

espressifesp32-wrover-eMatch-

Node

espressifesp32-wrover-ie_firmwareMatch3.0

espressifesp32-wrover-ie_firmwareMatch3.1

AND

espressifesp32-wrover-ieMatch-

Node

espressifesp32-mini-1_firmwareMatch3.0

espressifesp32-mini-1_firmwareMatch3.1

AND

espressifesp32-mini-1Match-

Node

espressifesp32-mini-1u_firmwareMatch3.0

espressifesp32-mini-1u_firmwareMatch3.1

AND

espressifesp32-mini-1uMatch-

Node

espressifesp32-pico-mini-02_firmwareMatch3.0

espressifesp32-pico-mini-02_firmwareMatch3.1

AND

espressifesp32-pico-mini-02Match-

Node

espressifesp32-pico-mini-02u_firmwareMatch3.0

espressifesp32-pico-mini-02u_firmwareMatch3.1

AND

espressifesp32-pico-mini-02uMatch-

Node

espressifesp32-pico-v3-zero_firmwareMatch3.0

espressifesp32-pico-v3-zero_firmwareMatch3.1

AND

espressifesp32-pico-v3-zeroMatch-

Node

espressifesp32-devkitc_firmwareMatch3.0

espressifesp32-devkitc_firmwareMatch3.1

AND

espressifesp32-devkitcMatch-

Node

espressifesp32-devkitm-1_firmwareMatch3.0

espressifesp32-devkitm-1_firmwareMatch3.1

AND

espressifesp32-devkitm-1Match-

Node

espressifesp32-pico-kit_firmwareMatch3.0

espressifesp32-pico-kit_firmwareMatch3.1

AND

espressifesp32-pico-kitMatch-

Node

espressifesp32-pico-v3-zero-devkit_firmwareMatch3.0

espressifesp32-pico-v3-zero-devkit_firmwareMatch3.1

AND

espressifesp32-pico-v3-zero-devkitMatch-

Node

espressifesp-eye_firmwareMatch3.0

espressifesp-eye_firmwareMatch3.1

AND

espressifesp-eyeMatch-

Node

espressifesp32-vaquita-dspg_firmwareMatch3.0

espressifesp32-vaquita-dspg_firmwareMatch3.1

AND

espressifesp32-vaquita-dspgMatch-

References

espressif.com

www.espressif.com/sites/default/files/advisory_downloads/AR2023-005%20Security%20Advisory%20Concerning%20Bypassing%20Secure%20Boot%20and%20Flash%20Encryption%20Using%20EMFI%20EN.pdf

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for NVD:CVE-2023-35818

cvelist1 prion1 cve1