CVE-2024-53845

AES/CBC Constant IV Vulnerability in ESPTouch v2

Severity Score

6.6

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV (Initialization Vector) prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant throughout the product's lifetime. In AES/CBC mode, if the IV is not properly initialized, the encrypted output becomes deterministic, leading to potential data leakage. To address the aforementioned issues, the application generates a random IV when activating the AES key starting in versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. This IV is then transmitted along with the provision data to the provision device. The provision device has also been equipped with a parser for the AES IV. The upgrade is applicable for all applications and users of ESPTouch v2 component from ESP-IDF. As it is implemented in the ESP Wi-Fi stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware.

*Credits: N/A

CVSS Scores

GitHubv4 6.6

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

System

Vulnerable | Subsequent

Confidentiality

High

None

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-11-22 CVE Reserved
2024-12-11 CVE Published
2024-12-12 CVE Updated
2024-12-12 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-909: Missing Initialization of Resource

CAPEC

References (9)

URL	Tag	Source
https://github.com/EspressifApp/EsptouchForAndroid/tree/master/esptouch-v2	X_refsource_misc
https://github.com/EspressifApp/EsptouchForIOS/tree/master/EspTouchDemo/ESPTouchV2	X_refsource_misc
https://github.com/espressif/esp-idf/commit/4f85a2726e04b737c8646d865b44ddd837b703db	X_refsource_misc
https://github.com/espressif/esp-idf/commit/8fb28dcedcc49916a5206456a3a61022d4302cd8	X_refsource_misc
https://github.com/espressif/esp-idf/commit/d47ed7d6f814e21c5bc8997ab0bc68e2360e5cb2	X_refsource_misc
https://github.com/espressif/esp-idf/commit/de69895f38d563e22228f5ba23fffa02feabc3a9	X_refsource_misc
https://github.com/espressif/esp-idf/commit/fd224e83bbf133833638b277c767be7f7cdd97c7	X_refsource_misc
https://github.com/espressif/esp-idf/security/advisories/GHSA-wm57-466g-mhrr	X_refsource_confirm
https://github.com/espressif/esp-idf/tree/master/components/esp_wifi	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Espressif Search vendor "Espressif"		Esp-idf Search vendor "Espressif" for product "Esp-idf"				>= 5.3.0 < 5.3.2 Search vendor "Espressif" for product "Esp-idf" and version " >= 5.3.0 < 5.3.2"		en		Affected
Espressif Search vendor "Espressif"		Esp-idf Search vendor "Espressif" for product "Esp-idf"				>= 5.2.0 < 5.2.4 Search vendor "Espressif" for product "Esp-idf" and version " >= 5.2.0 < 5.2.4"		en		Affected
Espressif Search vendor "Espressif"		Esp-idf Search vendor "Espressif" for product "Esp-idf"				>= 5.1.0 < 5.1.6 Search vendor "Espressif" for product "Esp-idf" and version " >= 5.1.0 < 5.1.6"		en		Affected
Espressif Search vendor "Espressif"		Esp-idf Search vendor "Espressif" for product "Esp-idf"				< 5.0.8 Search vendor "Espressif" for product "Esp-idf" and version " < 5.0.8"		en		Affected