CVE-2019-17391 - OpenCVE

An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker (with physical access to the device) to read the contents of read-protected eFuses, such as flash encryption and secure boot keys, by injecting a glitch into the power supply of the chip shortly after reset.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Espressif	Esp32-d0wd Esp32-d0wd Firmware Esp32-d2wd Esp32-d2wd Firmware Esp32-pico-d4 Esp32-pico-d4 Firmware Esp32-s0wd Esp32-s0wd Firmware

Configuration 1 [-]

AND

cpe:2.3:o:espressif:esp32-d0wd_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:espressif:esp32-d0wd:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:espressif:esp32-d2wd_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:espressif:esp32-d2wd:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:espressif:esp32-s0wd_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:espressif:esp32-s0wd:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:espressif:esp32-pico-d4_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:espressif:esp32-pico-d4:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.espressif.com/en/news/Security_Advisory_Concerning_Fault_Injection_and_eFuse_Protections

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-11-14T20:34:03

Updated: 2024-08-05T01:40:15.260Z

Reserved: 2019-10-09T00:00:00

Link: CVE-2019-17391

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-11-14T21:15:12.030

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-17391

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker (with physical access to the device) to read the contents of read-protected eFuses, such as flash encryption and secure boot keys, by injecting a glitch into the power supply of the chip shortly after reset."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-14T20:34:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.espressif.com/en/news/Security_Advisory_Concerning_Fault_Injection_and_eFuse_Protections"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17391", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker (with physical access to the device) to read the contents of read-protected eFuses, such as flash encryption and secure boot keys, by injecting a glitch into the power supply of the chip shortly after reset."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.espressif.com/en/news/Security_Advisory_Concerning_Fault_Injection_and_eFuse_Protections", "refsource": "CONFIRM", "url": "https://www.espressif.com/en/news/Security_Advisory_Concerning_Fault_Injection_and_eFuse_Protections"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:40:15.260Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.espressif.com/en/news/Security_Advisory_Concerning_Fault_Injection_and_eFuse_Protections"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17391", "datePublished": "2019-11-14T20:34:03", "dateReserved": "2019-10-09T00:00:00", "dateUpdated": "2024-08-05T01:40:15.260Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:espressif:esp32-d0wd_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3EB3CC2D-1BA2-4AE4-BB02-A656311B05BA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:espressif:esp32-d0wd:-:*:*:*:*:*:*:*", "matchCriteriaId": "708F009A-2E43-4273-8753-33807478B6A3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:espressif:esp32-d2wd_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "598C9266-BBF1-461B-97D7-A648AE711560", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:espressif:esp32-d2wd:-:*:*:*:*:*:*:*", "matchCriteriaId": "F22AA4F9-6EAA-4367-B141-51A33C7ABF6A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:espressif:esp32-s0wd_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8D929809-FA8B-46DF-9DC8-539946AB94E3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:espressif:esp32-s0wd:-:*:*:*:*:*:*:*", "matchCriteriaId": "196E8CB0-C1EB-47D2-B0D1-A9CD6F32DED8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:espressif:esp32-pico-d4_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FC31E7B-29C7-48F1-868F-D1BB31FF633B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:espressif:esp32-pico-d4:-:*:*:*:*:*:*:*", "matchCriteriaId": "16B81559-2017-4956-AED9-6BAB282C51B4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker (with physical access to the device) to read the contents of read-protected eFuses, such as flash encryption and secure boot keys, by injecting a glitch into the power supply of the chip shortly after reset."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en el c\u00f3digo ROM de la m\u00e1scara de Espressif ESP32 08-06-2016 desde 0 hasta 2. La falta de mitigaciones contra fallos en el cargador de arranque de la primera etapa del chip ESP32 permite a un atacante (con acceso f\u00edsico al dispositivo) leer el contenido de eFuses protegidos contra lectura, tales como el cifrado flash y las claves de arranque seguras, al inyectar un fallo en la fuente de alimentaci\u00f3n del chip poco despu\u00e9s del reinicio."}], "id": "CVE-2019-17391", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-14T21:15:12.030", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.espressif.com/en/news/Security_Advisory_Concerning_Fault_Injection_and_eFuse_Protections"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}]}