CVE-2020-27211

Опубликовано: 21 мая 2021

Источник: nvd

CVSS3: 5.7

CVSS2: 3.3

EPSS Низкий

Описание

Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper protection against physical side channels. The flash read-out protection (APPROTECT) can be bypassed by injecting a fault during the boot phase.

Ссылки

https://eprint.iacr.org/2021/640
Third Party Advisory
https://infocenter.nordicsemi.com/pdf/in_133_v1.0.pdf
Third Party Advisory
https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass/
Third Party Advisory
https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html
Third Party Advisory
https://www.aisec.fraunhofer.de/en/FirmwareProtection.html
Third Party Advisory
https://eprint.iacr.org/2021/640
Third Party Advisory
https://infocenter.nordicsemi.com/pdf/in_133_v1.0.pdf
Third Party Advisory
https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass/
Third Party Advisory
https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html
Third Party Advisory
https://www.aisec.fraunhofer.de/en/FirmwareProtection.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:nordicsemi:nrf52840_firmware:*:*:*:*:*:*:*:*

Версия до 2020-10-19 (включая)

cpe:2.3:h:nordicsemi:nrf52840:-:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00078

Низкий

5.7 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-203

Связанные уязвимости

GHSA-g62r-h4q8-qx29