Description
A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system.
References
- Patch, Third Party Advisory
- Exploit, Third Party Advisory
- Patch, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 3.7.2 (inclusive) to 3.9.2 (exclusive)
cpe:2.3:a:linux4sam:at91bootstrap:*:*:*:*:*:*:*:*
EPSS: 0.00058 (Low), percentile: 18%
CVSS3: 6.8 Medium
CVSS2: 4.6 Medium
Weaknesses
CWE-203
Related vulnerabilities
GitHub
more than 3 years ago
A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system.