exploitDog

CVE-2022-0553

Опубликовано: 11 янв. 2023

Источник: nvd

CVSS3: 6.5

CVSS3: 4.6

EPSS Низкий

Описание

There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.

Ссылки

https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wrj2-9vj9-rrcp
Exploit
Patch
Third Party Advisory
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wrj2-9vj9-rrcp
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*

Версия до 3.0.0 (исключая)

EPSS

Процентиль: 14%

0.00045

Низкий

6.5 Medium

CVSS3

4.6 Medium

CVSS3

Дефекты

CWE-200

CWE-319

EPSS

Процентиль: 14%

0.00045

Низкий

6.5 Medium

CVSS3

4.6 Medium

CVSS3

Дефекты

CWE-200

CWE-319