CVE-2020-11683
Global infos:
A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system.
CVE Status: Modified
References:
Metrics:
| Attribute | Value |
|---|---|
| Attack Complexity | LOW |
| Attack Vector | PHYSICAL |
| Availability Impact | HIGH |
| Base Score | 6.8 |
| Base Severity | MEDIUM |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Privileges Required | NONE |
| Scope | UNCHANGED |
| User Interaction | NONE |
| Vector String | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Exploitability Score | 0.9 |
| Impact Score | 5.9 |
| Source | [email protected] |
| Type | Primary |