WolfSSLVULNRICHMENT:CVE-2024-1545CVE-2024-1545 Fault Injection of RSA encryption in WolfCrypt
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
AI Score
Confidence
Low
EPSS
Percentile
20.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attackerย co-resides in the same system with a victim process toย disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:wolfssl:wolfcrypt:*:*:*:*:*:*:*:*"
],
"vendor": "wolfssl",
"product": "wolfcrypt",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "git",
"lessThanOrEqual": "5.6.6"
}
],
"defaultStatus": "unknown"
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
AI Score
Confidence
Low
EPSS
Percentile
20.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total