CVE-2023-35818
Summary
| CVE | CVE-2023-35818 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-07-17 16:15:00 UTC |
| Updated | 2023-07-28 13:54:00 UTC |
| Description | An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit another behavior in the chip to gain unauthorized access to the ROM download mode. Access to ROM download mode may be further exploited to read the encrypted flash content in cleartext format or execute stub code. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Espressif | Esp-eye | - | All | All | All |
| Operating System | Espressif | Esp-eye Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp-eye Firmware | 3.1 | All | All | All |
| Hardware | Espressif | Esp32-d0wd-v3 | - | All | All | All |
| Operating System | Espressif | Esp32-d0wd-v3 Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-d0wd-v3 Firmware | 3.1 | All | All | All |
| Hardware | Espressif | Esp32-d0wdr2-v3 | - | All | All | All |
| Operating System | Espressif | Esp32-d0wdr2-v3 Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-d0wdr2-v3 Firmware | 3.1 | All | All | All |
| Hardware | Espressif | Esp32-devkitc | - | All | All | All |
| Operating System | Espressif | Esp32-devkitc Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-devkitc Firmware | 3.1 | All | All | All |
| Hardware | Espressif | Esp32-devkitm-1 | - | All | All | All |
| Operating System | Espressif | Esp32-devkitm-1 Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-devkitm-1 Firmware | 3.1 | All | All | All |
| Hardware | Espressif | Esp32-mini-1 | - | All | All | All |
| Hardware | Espressif | Esp32-mini-1u | - | All | All | All |
| Operating System | Espressif | Esp32-mini-1u Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-mini-1u Firmware | 3.1 | All | All | All |
| Operating System | Espressif | Esp32-mini-1 Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-mini-1 Firmware | 3.1 | All | All | All |
| Hardware | Espressif | Esp32-pico-d4 | - | All | All | All |
| Operating System | Espressif | Esp32-pico-d4 Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-pico-d4 Firmware | 3.1 | All | All | All |
| Hardware | Espressif | Esp32-pico-kit | - | All | All | All |
| Operating System | Espressif | Esp32-pico-kit Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-pico-kit Firmware | 3.1 | All | All | All |
| Hardware | Espressif | Esp32-pico-mini-02 | - | All | All | All |
| Hardware | Espressif | Esp32-pico-mini-02u | - | All | All | All |
| Operating System | Espressif | Esp32-pico-mini-02u Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-pico-mini-02u Firmware | 3.1 | All | All | All |
| Operating System | Espressif | Esp32-pico-mini-02 Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-pico-mini-02 Firmware | 3.1 | All | All | All |
| Hardware | Espressif | Esp32-pico-v3 | - | All | All | All |
| Hardware | Espressif | Esp32-pico-v3-02 | - | All | All | All |
| Operating System | Espressif | Esp32-pico-v3-02 Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-pico-v3-02 Firmware | 3.1 | All | All | All |
| Hardware | Espressif | Esp32-pico-v3-zero | - | All | All | All |
| Hardware | Espressif | Esp32-pico-v3-zero-devkit | - | All | All | All |
| Operating System | Espressif | Esp32-pico-v3-zero-devkit Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-pico-v3-zero-devkit Firmware | 3.1 | All | All | All |
| Operating System | Espressif | Esp32-pico-v3-zero Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-pico-v3-zero Firmware | 3.1 | All | All | All |
| Operating System | Espressif | Esp32-pico-v3 Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-pico-v3 Firmware | 3.1 | All | All | All |
| Hardware | Espressif | Esp32-u4wdh | - | All | All | All |
| Operating System | Espressif | Esp32-u4wdh Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-u4wdh Firmware | 3.1 | All | All | All |
| Hardware | Espressif | Esp32-vaquita-dspg | - | All | All | All |
| Operating System | Espressif | Esp32-vaquita-dspg Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-vaquita-dspg Firmware | 3.1 | All | All | All |
| Hardware | Espressif | Esp32-wroom-32e | - | All | All | All |
| Operating System | Espressif | Esp32-wroom-32e Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-wroom-32e Firmware | 3.1 | All | All | All |
| Hardware | Espressif | Esp32-wroom-32ue | - | All | All | All |
| Operating System | Espressif | Esp32-wroom-32ue Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-wroom-32ue Firmware | 3.1 | All | All | All |
| Hardware | Espressif | Esp32-wroom-da | - | All | All | All |
| Operating System | Espressif | Esp32-wroom-da Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-wroom-da Firmware | 3.1 | All | All | All |
| Hardware | Espressif | Esp32-wrover-e | - | All | All | All |
| Operating System | Espressif | Esp32-wrover-e Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-wrover-e Firmware | 3.1 | All | All | All |
| Hardware | Espressif | Esp32-wrover-ie | - | All | All | All |
| Operating System | Espressif | Esp32-wrover-ie Firmware | 3.0 | All | All | All |
| Operating System | Espressif | Esp32-wrover-ie Firmware | 3.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Wi-Fi & Bluetooth MCUs and AIoT Solutions I Espressif Systems | MISC | espressif.com | |
| www.espressif.com/sites/default/files/advisory_downloads/AR2023-005%20Security%... | MISC | www.espressif.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.