CVSS: 5.3EPSS: 0%CPEs: 46EXPL: 2CVE-2022-45163
https://notcve.org/view.php?id=CVE-2022-45163
An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.) Existe una vulnerabilidad de divulgación de información en dispositivos NXP seleccionados cuando se configuran en modo Serial Download Protocol (SDP):i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, y Vybrid. • https://nxp.com https://research.nccgroup.com/2022/11/17/cve-2022-45163 https://research.nccgroup.com/category/technical-advisory • CWE-203: Observable Discrepancy •
CVSS: 6.0EPSS: 0%CPEs: 60EXPL: 0CVE-2017-7932
https://notcve.org/view.php?id=CVE-2017-7932
An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image. Se ha descubierto un problema de validación incorrecta de certificados en NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, y i.MX 6QuadPlus. Cuando el dispositivo está configurado con opciones de seguridad habilitadas, bajo algunas condiciones es posible eludir la verificación de firma utilizando un certificado especialmente manipulado que lleva a la ejecución de una imagen sin firmar. • http://www.securityfocus.com/bid/99966 https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02 • CWE-295: Improper Certificate Validation •