CVE-2023-35818

Published: Jul 17, 2023Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit another behavior in the chip to gain unauthorized access to the ROM download mode. Access to ROM download mode may be further exploited to read the encrypted flash content in cleartext format or execute stub code.

Affected (44)

Espressif

22 products

Esp32 D0wd V3 Firmware

Esp32 D0wdr2 V3 Firmware

Esp32 U4wdh Firmware

Esp32 Pico V3 Firmware

Esp32 Pico V3 02 Firmware

Esp32 Pico D4 Firmware

Esp32 Wroom 32e Firmware

Esp32 Wroom 32ue Firmware

Esp32 Wroom Da Firmware

Esp32 Wrover E Firmware

Esp32 Wrover Ie Firmware

Esp32 Mini 1 Firmware

Esp32 Mini 1u Firmware

Esp32 Pico Mini 02 Firmware

Esp32 Pico Mini 02u Firmware

Esp32 Pico V3 Zero Firmware

Esp32 Devkitc Firmware

Esp32 Devkitm 1 Firmware

Esp32 Pico Kit Firmware

Esp32 Pico V3 Zero Devkit Firmware

Esp Eye Firmware

Esp32 Vaquita Dspg Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 D0wd V3 Firmware	Version 3.0
Espressif Esp32 D0wd V3 Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 D0wd V3	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 D0wdr2 V3 Firmware	Version 3.0
Espressif Esp32 D0wdr2 V3 Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 D0wdr2 V3	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 U4wdh Firmware	Version 3.0
Espressif Esp32 U4wdh Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 U4wdh	All versions

Configuration D

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 Pico V3 Firmware	Version 3.0
Espressif Esp32 Pico V3 Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 Pico V3	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 Pico V3 02 Firmware	Version 3.0
Espressif Esp32 Pico V3 02 Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 Pico V3 02	All versions

Configuration F

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 Pico D4 Firmware	Version 3.0
Espressif Esp32 Pico D4 Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 Pico D4	All versions

Configuration G

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 Wroom 32e Firmware	Version 3.0
Espressif Esp32 Wroom 32e Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 Wroom 32e	All versions

Configuration H

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 Wroom 32ue Firmware	Version 3.0
Espressif Esp32 Wroom 32ue Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 Wroom 32ue	All versions

Configuration I

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 Wroom Da Firmware	Version 3.0
Espressif Esp32 Wroom Da Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 Wroom Da	All versions

Configuration J

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 Wrover E Firmware	Version 3.0
Espressif Esp32 Wrover E Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 Wrover E	All versions

Configuration K

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 Wrover Ie Firmware	Version 3.0
Espressif Esp32 Wrover Ie Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 Wrover Ie	All versions

Configuration L

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 Mini 1 Firmware	Version 3.0
Espressif Esp32 Mini 1 Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 Mini 1	All versions

Configuration M

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 Mini 1u Firmware	Version 3.0
Espressif Esp32 Mini 1u Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 Mini 1u	All versions

Configuration N

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 Pico Mini 02 Firmware	Version 3.0
Espressif Esp32 Pico Mini 02 Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 Pico Mini 02	All versions

Configuration O

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 Pico Mini 02u Firmware	Version 3.0
Espressif Esp32 Pico Mini 02u Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 Pico Mini 02u	All versions

Configuration P

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 Pico V3 Zero Firmware	Version 3.0
Espressif Esp32 Pico V3 Zero Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 Pico V3 Zero	All versions

Configuration Q

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 Devkitc Firmware	Version 3.0
Espressif Esp32 Devkitc Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 Devkitc	All versions

Configuration R

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 Devkitm 1 Firmware	Version 3.0
Espressif Esp32 Devkitm 1 Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 Devkitm 1	All versions

Configuration S

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 Pico Kit Firmware	Version 3.0
Espressif Esp32 Pico Kit Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 Pico Kit	All versions

Configuration T

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 Pico V3 Zero Devkit Firmware	Version 3.0
Espressif Esp32 Pico V3 Zero Devkit Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 Pico V3 Zero Devkit	All versions

Configuration U

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp Eye Firmware	Version 3.0
Espressif Esp Eye Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp Eye	All versions

Configuration V

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Espressif Esp32 Vaquita Dspg Firmware	Version 3.0
Espressif Esp32 Vaquita Dspg Firmware	Version 3.1

Running on/with	Platform Versions
Espressif Esp32 Vaquita Dspg	All versions

References (4)

https://espressif.com

Source: cve@mitre.org

Product

https://www.espressif.com/sites/default/files/advisory_downloads/AR2023-005%20Security%20Advisory%20Concerning%20Bypassing%20Secure%20Boot%20and%20Flash%20Encryption%20Using%20EMFI%20EN.pdf

Source: cve@mitre.org

Vendor Advisory

https://espressif.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.espressif.com/sites/default/files/advisory_downloads/AR2023-005%20Security%20Advisory%20Concerning%20Bypassing%20Secure%20Boot%20and%20Flash%20Encryption%20Using%20EMFI%20EN.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.