CVE-2018-18558

Published: May 13, 2019Modified: Nov 21, 2024

6.4

Vector

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.5 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that overwrites a bootloader code segment in process_segment in components/bootloader_support/src/esp_image_format.c. The attack is effective when the flash encryption feature is not enabled, or if the attacker finds a different vulnerability that allows them to write this binary to flash memory.

Affected (2)

Products: Espressif: Esp Idf

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Espressif Esp Idf	From 2.0 to 3.0.6
Espressif Esp Idf	From 3.1 to 3.1.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://github.com/espressif/esp-idf/releases

Source: cve@mitre.org

Release NotesThird Party Advisory

https://www.espressif.com/en/news/Espressif_Product_Security_Advisory_Concerning_Secure_Boot_%28CVE-2018-18558%29

Source: cve@mitre.org

https://github.com/espressif/esp-idf/releases

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://www.espressif.com/en/news/Espressif_Product_Security_Advisory_Concerning_Secure_Boot_%28CVE-2018-18558%29

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.