CVE-2020-11683
MEDIUM 6.8
Description
A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system.
CVE Details
CVSS v3.1 Score: 6.8
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: PHYSICAL
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 9/14/2020
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
linux4sam:at91bootstrap
Weaknesses (CWE)
CWE-203
References
https://github.com/linux4sam/at91bootstrap/commit/7753914c9a622c245f3a3cf2af5e24b6a9904213 (cve@mitre.org)
https://github.com/linux4sam/at91bootstrap/commit/7753914c9a622c245f3a3cf2af5e24b6a9904213 (af854a3a-2127-422b-91ae-364da2661108)
https://labs.f-secure.com/advisories/microchip-at91bootstrap/ (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.