Weak Cryptographic Algorithm in Espressif's Esptool 4.6.2
CVE-2023-46894

7.5HIGH

Key Information:

Vendor: Espressif
Status: Esptool
Vendor: CVE Published:; 9 November 2023

What is CVE-2023-46894?

Espressif's Esptool version 4.6.2 contains a security oversight in its cryptographic implementation, enabling unauthorized access to sensitive information. This vulnerability arises from insufficient cryptographic strength, potentially allowing attackers to exploit the weakness and gain visibility into confidential data. Users are encouraged to evaluate their implementation and consider updating to address this security gap.

References

https://github.com/espressif/esptool/issues/926

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 9, 2023
Vulnerability Reserved
Oct 30, 2023