Details of VAR-202307-1521

ID

VAR-202307-1521

CVE

CVE-2023-35818

TITLE

plural Espressif Systems Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2023-023405

DESCRIPTION

An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit another behavior in the chip to gain unauthorized access to the ROM download mode. Access to ROM download mode may be further exploited to read the encrypted flash content in cleartext format or execute stub code. esp32-d0wd-v3 firmware, esp32-d0wdr2-v3 firmware, esp32-u4wdh firmware etc. Espressif Systems There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-35818 // JVNDB: JVNDB-2023-023405 // VULMON: CVE-2023-35818

AFFECTED PRODUCTS

vendor:	espressif	model:	esp32-mini-1	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-devkitc	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-pico-v3	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-wroom-32ue	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-pico-v3-02	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-wroom-32e	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-pico-kit	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-vaquita-dspg	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-d0wdr2-v3	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-pico-mini-02u	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-pico-mini-02	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-pico-v3-zero-devkit	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-u4wdh	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-devkitm-1	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-wrover-ie	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-pico-v3-zero	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp-eye	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-pico-v3	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-mini-1	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-mini-1u	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-devkitc	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-wroom-da	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-pico-v3-02	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-wroom-32e	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-pico-d4	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-vaquita-dspg	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-wrover-e	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-pico-mini-02u	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-d0wd-v3	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-devkitm-1	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-wroom-32ue	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-wrover-ie	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-mini-1u	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-pico-v3-zero	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp-eye	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-d0wdr2-v3	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-wroom-da	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-pico-kit	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-pico-d4	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-pico-mini-02	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-pico-v3-zero-devkit	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-u4wdh	scope:	eq	version:	3.1	Trust: 1.0
vendor:	espressif	model:	esp32-d0wd-v3	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-wrover-e	scope:	eq	version:	3.0	Trust: 1.0
vendor:	espressif	model:	esp32-d0wd-v3	scope:	-	version:	-	Trust: 0.8
vendor:	espressif	model:	esp32-wroom-32ue	scope:	-	version:	-	Trust: 0.8
vendor:	espressif	model:	esp32-pico-v3-02	scope:	-	version:	-	Trust: 0.8
vendor:	espressif	model:	esp32-pico-d4	scope:	-	version:	-	Trust: 0.8
vendor:	espressif	model:	esp32-pico-v3	scope:	-	version:	-	Trust: 0.8
vendor:	espressif	model:	esp32-u4wdh	scope:	-	version:	-	Trust: 0.8
vendor:	espressif	model:	esp32-d0wdr2-v3	scope:	-	version:	-	Trust: 0.8
vendor:	espressif	model:	esp32-wrover-e	scope:	-	version:	-	Trust: 0.8
vendor:	espressif	model:	esp32-wroom-32e	scope:	-	version:	-	Trust: 0.8
vendor:	espressif	model:	esp32-wroom-da	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-023405 // NVD: CVE-2023-35818

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-35818
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-35818
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202307-1449
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2023-35818
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-35818
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-023405 // CNNVD: CNNVD-202307-1449 // NVD: CVE-2023-35818

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-023405 // NVD: CVE-2023-35818

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202307-1449

PATCH

title:

Espressif ESP32 Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=246363

Trust: 0.6

sources: CNNVD: CNNVD-202307-1449

EXTERNAL IDS

db:	NVD	id:	CVE-2023-35818	Trust: 3.3
db:	JVNDB	id:	JVNDB-2023-023405	Trust: 0.8
db:	CNNVD	id:	CNNVD-202307-1449	Trust: 0.6
db:	VULMON	id:	CVE-2023-35818	Trust: 0.1

sources: VULMON: CVE-2023-35818 // JVNDB: JVNDB-2023-023405 // CNNVD: CNNVD-202307-1449 // NVD: CVE-2023-35818

REFERENCES

url:	https://espressif.com	Trust: 2.5
url:	https://www.espressif.com/sites/default/files/advisory_downloads/ar2023-005%20security%20advisory%20concerning%20bypassing%20secure%20boot%20and%20flash%20encryption%20using%20emfi%20en.pdf	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2023-35818	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-35818/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-35818 // JVNDB: JVNDB-2023-023405 // CNNVD: CNNVD-202307-1449 // NVD: CVE-2023-35818

SOURCES

db:	VULMON	id:	CVE-2023-35818
db:	JVNDB	id:	JVNDB-2023-023405
db:	CNNVD	id:	CNNVD-202307-1449
db:	NVD	id:	CVE-2023-35818

LAST UPDATE DATE

2024-08-14T15:10:41.674000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-35818	date:	2023-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2023-023405	date:	2024-01-26T06:17:00
db:	CNNVD	id:	CNNVD-202307-1449	date:	2023-07-24T00:00:00
db:	NVD	id:	CVE-2023-35818	date:	2023-07-28T13:54:09.400

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-35818	date:	2023-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2023-023405	date:	2024-01-26T00:00:00
db:	CNNVD	id:	CNNVD-202307-1449	date:	2023-07-17T00:00:00
db:	NVD	id:	CVE-2023-35818	date:	2023-07-17T16:15:09.940