Add to collection(s) Add to saved
  1. No category
Uploaded by dspaaron

CVE-2020-13472 Gigadevice GD32F103 Debug Interface exposure of resource

advertisement 
VDB-160467 · CVE-2020-13472
GIGADEVICE GD32F103 DEBUG INTERFACE
EXPOSURE OF RESOURCE
C V S S M e t a Te m p S c or e
4.4
?
C ur r e nt Ex pl oi t P r i c e ( ≈)
?
$0-$5k
C TI Int e r e s t S c or e
?
0.00
A vulnerability was found in Gigadevice GD32F103 (the affected version unknown). It has been classified as
problematic. This affects some unknown processing of the component Debug Interface. The manipulation with an
unknown input leads to a exposure of resource vulnerability. CWE is classifying the issue as CWE-668. The product
exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the
resource. This is going to have an impact on confidentiality. The summary by CVE is:
The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to
extract firmware via the debug interface by utilizing the DMA module.
The weakness was disclosed 08/31/2020. This vulnerability is uniquely identified as CVE-2020-13472 since
05/25/2020. The exploitability is told to be difficult. Attacking locally is a requirement. No form of authentication is
needed for exploitation. The technical details are unknown and an exploit is not publicly available.
There is no information about possible countermeasures known. It may be suggested to replace the affected object
with an alternative product.
Product
V en d o r
Gigadevice
N a me
GD32F103
CPE 2.3
CPE 2.2
CPE 2.2
CVSSv3
V u lD B M eta B a se Sco re: 4.4
V u lD B M eta Temp Sco re: 4.4
V u lD B B a se Sco re: 4.2
V u lD B Temp Sco re: 4.2
V u lD B V ecto r:
V u lD B R elia b ility:
N V D B a se Sco re: 4.6
N V D V ecto r:
CVSSv2
AV AC Au C I A
Vector Complexity Authentication Confidentiality Integrity Availability
unlock
unlock
unlock
unlock
unlock
unlock
unlock
unlock
unlock
unlock
unlock
unlock
unlock
unlock
unlock
unlock
unlock
unlock
V u lD B B a se Sco re:
V u lD B Temp Sco re:
V u lD B R elia b ility:
N V D B a se Sco re:
Exploiting
C la ss: Exposure of resource
C W E: CWE-668 / CWE-200 / CWE-284
A TT&C K : Unknown
Lo ca l: Yes
R emo te: No
A va ila b ility:
Sta tu s: Not defined
EP SS Sco re:
EP SS P ercen tile:
P rice P red ictio n :
C u rren t P rice Estima tio n :
0-Day unlock unlock unlock unlock
Today unlock unlock unlock unlock
Threat Intelligence
In terest:
A ctive A cto rs:
A ctive A P T Gro u p s:
Countermeasures
R eco mmen d ed : no mitigation known
Sta tu s:
0 -D a y Time:
Timeline
0 5 /2 5 /2 0 2 0
0 8 /3 1 /2 0 2 0
+98 days
0 8 /3 1 /2 0 2 0
+0 days
0 8 /3 1 /2 0 2 0
+0 days
Sources
Sta tu s: Not defined
C V E: CVE-2020-13472 ( )
Entry
C rea ted : 08/31/2020 10:08 PM
Up d a ted : 08/31/2020 10:13 PM
C h a n g es: 08/31/2020 10:08 PM (34), 08/31/2020 10:13 PM (17)
C o mp lete:
Discussion
No comments yet. Languages: en.
Please log in to comment.
© 1997-2022 vuldb.com · cc by-nc-sa
v16.4.4
Related documents
Unlock 2 - RW - U1 - 04 - Reading 1 - Vocabulary.docx
Unlock 2 - RW - U1 - 04 - Reading 1 - Vocabulary.docx
FUNCTIONAL REQUIREMENTS
FUNCTIONAL REQUIREMENTS
lock sap tcode
lock sap tcode
Download
advertisement