ID

VAR-202008-0134


CVE

CVE-2020-13472


TITLE

Vulnerability in Gigadevice GD32F103 devices related to leakage of resources to the wrong area

Trust: 0.8

sources: JVNDB: JVNDB-2020-010349

DESCRIPTION

The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module. Gigadevice GD32F103 devices contain a vulnerability related to the leakage of resources to the wrong area. Information may be tampered with.

Trust: 1.71

sources: NVD: CVE-2020-13472 // JVNDB: JVNDB-2020-010349 // VULMON: CVE-2020-13472

AFFECTED PRODUCTS

vendor: gigadevice, model: gd32f103, scope: eq, version: -

Trust: 1.0

vendor: gigadevice, model: gd32f103, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-010349 // NVD: CVE-2020-13472

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-13472
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-010349
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202008-1458
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-13472
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-13472
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-010349
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-13472
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-010349
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-13472 // JVNDB: JVNDB-2020-010349 // CNNVD: CNNVD-202008-1458 // NVD: CVE-2020-13472

PROBLEMTYPE DATA

problemtype:CWE-668

Trust: 1.8

sources: JVNDB: JVNDB-2020-010349 // NVD: CVE-2020-13472

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202008-1458

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010349

PATCH

title: Top Page, url: https://www.gigadevice.com/

Trust: 0.8

title: -, url: https://github.com/Aodrulez/GD32F103-RDP_Bypass

Trust: 0.1

sources: VULMON: CVE-2020-13472 // JVNDB: JVNDB-2020-010349

EXTERNAL IDS

db: NVD, id: CVE-2020-13472

Trust: 2.5

db: JVNDB, id: JVNDB-2020-010349

Trust: 0.8

db: CNNVD, id: CNNVD-202008-1458

Trust: 0.6

db: VULMON, id: CVE-2020-13472

Trust: 0.1

sources: VULMON: CVE-2020-13472 // JVNDB: JVNDB-2020-010349 // CNNVD: CNNVD-202008-1458 // NVD: CVE-2020-13472

REFERENCES

url:https://www.usenix.org/system/files/woot20-paper-obermaier.pdf

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-13472

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13472

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/668.html

Trust: 0.1

url:https://github.com/aodrulez/gd32f103-rdp_bypass

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2020-13472 // JVNDB: JVNDB-2020-010349 // CNNVD: CNNVD-202008-1458 // NVD: CVE-2020-13472

SOURCES

db: VULMON, id: CVE-2020-13472
db: JVNDB, id: JVNDB-2020-010349
db: CNNVD, id: CNNVD-202008-1458
db: NVD, id: CVE-2020-13472

LAST UPDATE DATE

2024-11-23T23:07:54.769000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2020-13472, date: 2020-09-03T00:00:00
db: JVNDB, id: JVNDB-2020-010349, date: 2021-01-07T07:54:54
db: CNNVD, id: CNNVD-202008-1458, date: 2022-03-18T00:00:00
db: NVD, id: CVE-2020-13472, date: 2024-11-21T05:01:20.653

SOURCES RELEASE DATE

db: VULMON, id: CVE-2020-13472, date: 2020-08-31T00:00:00
db: JVNDB, id: JVNDB-2020-010349, date: 2021-01-07T07:54:54
db: CNNVD, id: CNNVD-202008-1458, date: 2020-08-31T00:00:00
db: NVD, id: CVE-2020-13472, date: 2020-08-31T16:15:14.787