Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt the ESP32 CPU can bypass the Secure Boot digest verification at startup, and boot unverified code from flash. The fault injection attack does not disable the Flash Encryption feature, so if the ESP32 is configured with the recommended combination of Secure Boot and Flash Encryption, then the impact is minimized. If the ESP32 is configured without Flash Encryption then successful fault injection allows arbitrary code execution. To protect devices with Flash Encryption and Secure Boot enabled against this attack, a firmware change must be made to permanently enable Flash Encryption in the field if it is not already permanently enabled.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Espressif ESP-IDF Injection Vulnerability
Vulnerability Description
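Espressif ESP-IDF is an Internet of Things development framework from the Chinese company Espressif Systems (Espressif). A security vulnerability exists in Espressif ESP-IDF. An attacker can exploit this vulnerability to execute arbitrary code. The following versions are affected: 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1.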
CVSS Information
N/A
Vulnerability Type
N/A