EMFI Attack Vulnerability in Espressif ESP32 Devices
CVE-2023-35818

6.8MEDIUM

Key Information:

Vendor: Espressif
Status: Esp32-d0wd-v3 Firmware
Vendor: CVE Published:; 17 July 2023

What is CVE-2023-35818?

An issue on Espressif ESP32 3.0 devices allows attackers to execute electromagnetic fault injection (EMFI) attacks. This vulnerability can influence the program counter value at the CPU context level, undermining both Secure Boot and Flash Encryption protections. By leveraging this influence, an attacker may access the ROM download mode, leading to potential exploitation of encrypted flash contents, exposing them in cleartext, or executing unauthorized stub code.

References

https://espressif.com

https://www.espressif.com/sites/default/files/advisory_do...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 17, 2023
Vulnerability Reserved
Jun 17, 2023