Replay Attack Vulnerability in ESP-NOW Communication Protocol by Espressif
CVE-2024-42483

6.5MEDIUM

Key Information:

Vendor: Espressif
Status: Esp-now
Vendor: CVE Published:; 12 September 2024

What is CVE-2024-42483?

A vulnerability exists in the ESP-NOW component of the Espressif communication protocol, which employs a shared cache for all message types. This design flaw allows attackers to execute replay attacks by clearing legitimate entries from the cache, thereby providing an opportunity to re-inject previously captured packets. This issue has been addressed in version 2.5.2.

References

https://github.com/espressif/esp-now/security/advisories/...

https://github.com/espressif/esp-now/commit/4e30db50d541b...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 12, 2024