Vulnerability Details CVE-2020-11683
A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.4%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 4.6
References
- https://github.com/linux4sam/at91bootstrap/commit/7753914c9a622c245f3a3cf2af5e24b6a9904213
- https://labs.f-secure.com/advisories/microchip-at91bootstrap/
- https://github.com/linux4sam/at91bootstrap/commit/7753914c9a622c245f3a3cf2af5e24b6a9904213
- https://labs.f-secure.com/advisories/microchip-at91bootstrap/
Products affected by CVE-2020-11683
-
cpe:2.3:a:linux4sam:at91bootstrap:3.7.2
-
cpe:2.3:a:linux4sam:at91bootstrap:3.8
-
cpe:2.3:a:linux4sam:at91bootstrap:3.8.1
-
cpe:2.3:a:linux4sam:at91bootstrap:3.8.10
-
cpe:2.3:a:linux4sam:at91bootstrap:3.8.11
-
cpe:2.3:a:linux4sam:at91bootstrap:3.8.13
-
cpe:2.3:a:linux4sam:at91bootstrap:3.8.2
-
cpe:2.3:a:linux4sam:at91bootstrap:3.8.3
-
cpe:2.3:a:linux4sam:at91bootstrap:3.8.4
-
cpe:2.3:a:linux4sam:at91bootstrap:3.8.5
-
cpe:2.3:a:linux4sam:at91bootstrap:3.8.6
-
cpe:2.3:a:linux4sam:at91bootstrap:3.8.7
-
cpe:2.3:a:linux4sam:at91bootstrap:3.8.8
-
cpe:2.3:a:linux4sam:at91bootstrap:3.8.9
-
cpe:2.3:a:linux4sam:at91bootstrap:3.9.0
-
cpe:2.3:a:linux4sam:at91bootstrap:3.9.1