CVE-2023-35818

Severity: MEDIUM | CVSS 6.8/10 | EPSS 0.20%
CVE-2023-35818 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. EPSS estimates a 0.20% chance of exploitation in the next 30 days.

Description

An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit another behavior in the chip to gain unauthorized access to the ROM download mode. Access to ROM download mode may be further exploited to read the encrypted flash content in cleartext format or execute stub code.

Metrics

CVSS 3.1
6.8/10

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.20%

9.7th percentile

Probability of exploitation in the next 30 days.

Affected Software

Vendor | Product | Versions
Espressif | Esp32-D0wd-V3 Firmware | 3.0
Espressif | Esp32-D0wd-V3 Firmware | 3.1
Espressif | Esp32-D0wdr2-V3 Firmware | 3.0
Espressif | Esp32-D0wdr2-V3 Firmware | 3.1
Espressif | Esp32-U4wdh Firmware | 3.0
Espressif | Esp32-U4wdh Firmware | 3.1
Espressif | Esp32-Pico-V3 Firmware | 3.0
Espressif | Esp32-Pico-V3 Firmware | 3.1
Espressif | Esp32-Pico-V3-02 Firmware | 3.0
Espressif | Esp32-Pico-V3-02 Firmware | 3.1
Espressif | Esp32-Pico-D4 Firmware | 3.0
Espressif | Esp32-Pico-D4 Firmware | 3.1
Espressif | Esp32-Wroom-32e Firmware | 3.0
Espressif | Esp32-Wroom-32e Firmware | 3.1
Espressif | Esp32-Wroom-32ue Firmware | 3.0
Espressif | Esp32-Wroom-32ue Firmware | 3.1
Espressif | Esp32-Wroom-Da Firmware | 3.0
Espressif | Esp32-Wroom-Da Firmware | 3.1
Espressif | Esp32-Wrover-E Firmware | 3.0
Espressif | Esp32-Wrover-E Firmware | 3.1
Espressif | Esp32-Wrover-Ie Firmware | 3.0
Espressif | Esp32-Wrover-Ie Firmware | 3.1
Espressif | Esp32-Mini-1 Firmware | 3.0
Espressif | Esp32-Mini-1 Firmware | 3.1
Espressif | Esp32-Mini-1u Firmware | 3.0
Espressif | Esp32-Mini-1u Firmware | 3.1
Espressif | Esp32-Pico-Mini-02 Firmware | 3.0
Espressif | Esp32-Pico-Mini-02 Firmware | 3.1
Espressif | Esp32-Pico-Mini-02u Firmware | 3.0
Espressif | Esp32-Pico-Mini-02u Firmware | 3.1
Espressif | Esp32-Pico-V3-Zero Firmware | 3.0
Espressif | Esp32-Pico-V3-Zero Firmware | 3.1
Espressif | Esp32-Devkitc Firmware | 3.0
Espressif | Esp32-Devkitc Firmware | 3.1
Espressif | Esp32-Devkitm-1 Firmware | 3.0
Espressif | Esp32-Devkitm-1 Firmware | 3.1
Espressif | Esp32-Pico-Kit Firmware | 3.0
Espressif | Esp32-Pico-Kit Firmware | 3.1
Espressif | Esp32-Pico-V3-Zero-Devkit Firmware | 3.0
Espressif | Esp32-Pico-V3-Zero-Devkit Firmware | 3.1
Espressif | Esp-Eye Firmware | 3.0
Espressif | Esp-Eye Firmware | 3.1
Espressif | Esp32-Vaquita-Dspg Firmware | 3.0
Espressif | Esp32-Vaquita-Dspg Firmware | 3.1

Timeline

Published:
Last Modified:
Status: Modified

Frequently Asked Questions

What is CVE-2023-35818?
As stated in the Description above: on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices, an EMFI attack on ECO3 gives an attacker the ability to influence the PC value at the CPU context level regardless of Secure Boot and Flash Encryption status. Chained with another behavior in the chip, this can yield unauthorized access to the ROM download mode, which in turn may be used to read encrypted flash content in cleartext or to execute stub code.
How severe is CVE-2023-35818?
CVE-2023-35818 has a CVSS score of 6.8/10 (MEDIUM severity). The EPSS model estimates a 0.20% probability of exploitation in the next 30 days.
How do I fix CVE-2023-35818?
Check the vendor references and advisories for patched versions and mitigation guidance. You can also run a Strix scan to test whether your systems are affected.

Source: NVD / NIST