Vulnerability Details CVE-2020-27211
Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper protection against physical side channels. The flash read-out protection (APPROTECT) can be bypassed by injecting a fault during the boot phase.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.1%
CVSS Severity
CVSS v3 Score 5.7
CVSS v2 Score 3.3
References
- https://eprint.iacr.org/2021/640
- https://infocenter.nordicsemi.com/pdf/in_133_v1.0.pdf
- https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass/
- https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html
- https://www.aisec.fraunhofer.de/en/FirmwareProtection.html
- https://eprint.iacr.org/2021/640
- https://infocenter.nordicsemi.com/pdf/in_133_v1.0.pdf
- https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass/
- https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html
- https://www.aisec.fraunhofer.de/en/FirmwareProtection.html
Products affected by CVE-2020-27211
-
cpe:2.3:h:nordicsemi:nrf52840:-
-
cpe:2.3:o:nordicsemi:nrf52840_firmware:-
-
cpe:2.3:o:nordicsemi:nrf52840_firmware:2020-10-19