Details of VAR-201908-1587

ID

VAR-201908-1587

CVE

CVE-2018-18056

TITLE

Texas Instruments TM4C microcontroller series Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-016046

DESCRIPTION

An issue was discovered in the Texas Instruments (TI) TM4C, MSP432E and MSP432P microcontroller series. The eXecute-Only-Memory (XOM) implementation prevents code read-outs on protected memory by generating bus faults. However, single-stepping and using breakpoints is allowed in XOM-protected flash memory. As a consequence, it is possible to execute single instructions with arbitrary system states (e.g., registers, status flags, and SRAM content) and observe the state changes produced by the unknown instruction. An attacker could exploit this vulnerability by executing protected and unknown instructions with specific system states and observing the state changes. Based on the gathered information, it is possible to reverse-engineer the executed instructions. The processor acts as a kind of "instruction oracle.". This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components

Trust: 1.8

sources: NVD: CVE-2018-18056 // JVNDB: JVNDB-2018-016046 // VULHUB: VHN-128577 // VULMON: CVE-2018-18056

IOT TAXONOMY

category:

['embedded device']

sub_category:

microcontroller

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	ti	model:	tm4c129	scope:	eq	version:	-	Trust: 1.0
vendor:	ti	model:	tm4c123	scope:	eq	version:	-	Trust: 1.0
vendor:	texas instruments incorporated ti	model:	tm4c123	scope:	-	version:	-	Trust: 0.8
vendor:	texas instruments incorporated ti	model:	tm4c129	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-016046 // NVD: CVE-2018-18056

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-18056
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-18056
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201908-1337
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-128577
value:	LOW
Trust: 0.1
VULMON:	CVE-2018-18056
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-18056
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-128577
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-18056
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-128577 // VULMON: CVE-2018-18056 // JVNDB: JVNDB-2018-016046 // CNNVD: CNNVD-201908-1337 // NVD: CVE-2018-18056

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-128577 // JVNDB: JVNDB-2018-016046 // NVD: CVE-2018-18056

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201908-1337

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016046

PATCH

title:

Top Page

url:

http://www.ti.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-016046

EXTERNAL IDS

db:	NVD	id:	CVE-2018-18056	Trust: 2.7
db:	JVNDB	id:	JVNDB-2018-016046	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-1337	Trust: 0.7
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-128577	Trust: 0.1
db:	VULMON	id:	CVE-2018-18056	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-128577 // VULMON: CVE-2018-18056 // JVNDB: JVNDB-2018-016046 // CNNVD: CNNVD-201908-1337 // NVD: CVE-2018-18056

REFERENCES

url:	https://www.usenix.org/system/files/woot19-paper_schink.pdf	Trust: 2.6
url:	https://www.usenix.org/conference/woot19/presentation/schink	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18056	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18056	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-128577 // VULMON: CVE-2018-18056 // JVNDB: JVNDB-2018-016046 // CNNVD: CNNVD-201908-1337 // NVD: CVE-2018-18056

SOURCES

db:	OTHER	id:	-
db:	VULHUB	id:	VHN-128577
db:	VULMON	id:	CVE-2018-18056
db:	JVNDB	id:	JVNDB-2018-016046
db:	CNNVD	id:	CNNVD-201908-1337
db:	NVD	id:	CVE-2018-18056

LAST UPDATE DATE

2025-01-30T19:28:28.031000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-128577	date:	2019-09-12T00:00:00
db:	VULMON	id:	CVE-2018-18056	date:	2019-09-12T00:00:00
db:	JVNDB	id:	JVNDB-2018-016046	date:	2019-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201908-1337	date:	2019-09-18T00:00:00
db:	NVD	id:	CVE-2018-18056	date:	2024-11-21T03:55:24.310

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-128577	date:	2019-08-20T00:00:00
db:	VULMON	id:	CVE-2018-18056	date:	2019-08-20T00:00:00
db:	JVNDB	id:	JVNDB-2018-016046	date:	2019-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201908-1337	date:	2019-08-20T00:00:00
db:	NVD	id:	CVE-2018-18056	date:	2019-08-20T17:15:11.087