CVE-2020-27211 Information

Description

Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper protection against physical side channels. The flash read-out protection (APPROTECT) can be bypassed by injecting a fault during the boot phase.

CVSS Vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Reference

https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass/ https://eprint.iacr.org/2021/640 https://infocenter.nordicsemi.com/pdf/in_133_v1.0.pdf https://www.aisec.fraunhofer.de/en/FirmwareProtection.html https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

NONE

Base Severity

5.7