CVE-2024-53406

Severity: HIGH | CVSS 8.8/10 | EPSS 0.59%


CVE-2024-53406 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Espressif ESP-IDF v5.3.0 is affected by insecure permissions resulting in an authentication bypass: during the reconnection phase the device reuses the session key from a previous connection session instead of negotiating a fresh one, giving an attacker who holds that earlier key an opportunity to bypass authentication. EPSS estimates a 0.59% chance of exploitation in the next 30 days.

Description

Espressif ESP-IDF v5.3.0 is vulnerable to insecure permissions resulting in an authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session rather than deriving a new one, creating an opportunity for an attacker who obtained the earlier key to bypass authentication on the reconnected session.
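The reuse pattern the description calls out, shown as an added illustration that is not ESP-IDF code. The advisory does not say which ESP-IDF connection stack or protocol is involved, so the state struct, the nonce-based handshake, the session counter and the toy FNV-1a hash standing in for a real KDF/MAC are all constructed assumptions. The vulnerable reconnect hands back the cached key from the earlier session; the hardened one derives a new key from fresh nonces and a bumped counter, so a command tagged under the leaked old key is rejected.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy 64-bit FNV-1a over a buffer, mixed with a seed. It stands in for a real
 * KDF/MAC (HKDF + HMAC in practice) only so the example runs stand-alone;
 * it is NOT cryptographically secure. */
static uint64_t toy_hash(uint64_t seed, const void *data, size_t len)
{
    const unsigned char *p = data;
    uint64_t h = 0xcbf29ce484222325ULL ^ seed;
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Per-device state (assumed layout). long_term_secret models the pairing or
 * bonding secret both peers share; session_key is the per-connection key. */
typedef struct {
    uint64_t long_term_secret;
    uint64_t session_key;
    uint32_t session_counter;
    bool     key_cached;
} device_t;

/* Derive a session key from the long-term secret, both peers' fresh nonces
 * and a per-session counter. Any of those changing yields a different key. */
static uint64_t derive_session_key(uint64_t lts, uint64_t client_nonce,
                                   uint64_t server_nonce, uint32_t counter)
{
    uint64_t material[3] = { client_nonce, server_nonce, counter };
    return toy_hash(lts, material, sizeof material);
}

/* Vulnerable pattern: on reconnect, if a key from an earlier session is still
 * cached, hand it back instead of running a fresh key agreement. */
uint64_t reconnect_vulnerable(device_t *d, uint64_t client_nonce, uint64_t server_nonce)
{
    if (d->key_cached)
        return d->session_key;              /* stale key reused */
    d->session_key = derive_session_key(d->long_term_secret, client_nonce,
                                        server_nonce, d->session_counter);
    d->key_cached = true;
    return d->session_key;
}

/* Hardened pattern: every (re)connection derives a new key from fresh nonces
 * and a bumped counter; the previous key is overwritten and never reused. */
uint64_t reconnect_hardened(device_t *d, uint64_t client_nonce, uint64_t server_nonce)
{
    d->session_counter++;
    d->session_key = derive_session_key(d->long_term_secret, client_nonce,
                                        server_nonce, d->session_counter);
    d->key_cached = true;
    return d->session_key;
}

/* Toy MAC over an application message under a session key. */
uint64_t tag_message(uint64_t session_key, const char *msg)
{
    return toy_hash(session_key, msg, strlen(msg));
}

bool verify_message(uint64_t session_key, const char *msg, uint64_t tag)
{
    return tag_message(session_key, msg) == tag;
}

/* Scenario: session 1 runs and the attacker captures its key (for example
 * from a compromised peer). The legitimate peer later reconnects with new
 * nonces; the attacker sends a command tagged under the OLD key.
 * Returns true if the device accepts that command. */
bool old_key_accepted_after_reconnect(bool hardened)
{
    device_t dev = { .long_term_secret = 0x5EC2E7ULL,
                     .session_key = 0, .session_counter = 0, .key_cached = false };
    const char *cmd = "unlock";             /* constructed sample command */

    uint64_t k1 = hardened ? reconnect_hardened(&dev, 0x1111, 0xAAAA)
                           : reconnect_vulnerable(&dev, 0x1111, 0xAAAA);
    uint64_t forged_tag = tag_message(k1, cmd);   /* attacker's leaked key */

    uint64_t k2 = hardened ? reconnect_hardened(&dev, 0x2222, 0xBBBB)
                           : reconnect_vulnerable(&dev, 0x2222, 0xBBBB);

    return verify_message(k2, cmd, forged_tag);
}

int main(void)
{
    printf("vulnerable reconnect accepts old-key command: %s\n",
           old_key_accepted_after_reconnect(false) ? "yes" : "no");
    printf("hardened reconnect accepts old-key command:   %s\n",
           old_key_accepted_after_reconnect(true) ? "yes" : "no");
    return 0;
}
```

The check a practitioner wants from a real stack is the same one this toy makes: after a reconnect, the new session key must differ from the previous one even when the same peer returns, and a message authenticated under the previous key must fail verification.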

Metrics

CVSS 3.1: 8.8/10 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

The vector reads as network-reachable, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact on confidentiality, integrity and availability.

EPSS Probability: 0.59% (43.9th percentile)

Probability of exploitation in the next 30 days.


Affected Software

Vendor      Product   Versions
Espressif   ESP-IDF   5.3


Timeline

Published
Last Modified
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-53406?
Espressif ESP-IDF v5.3.0 is vulnerable to insecure permissions resulting in an authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session rather than deriving a new one, creating an opportunity for an attacker who obtained the earlier key to bypass authentication on the reconnected session.
How severe is CVE-2024-53406?
CVE-2024-53406 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.59% probability of exploitation in the next 30 days.
How do I fix CVE-2024-53406?
Check Espressif's ESP-IDF security advisories and release notes for a patched version and mitigation guidance; this page does not list a fixed version. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-53406?

Run a free Strix scan to check your systems for this vulnerability.


Source: NVD / NIST