NotCVE-2023-0003 - RSA signature verification bypass via Arbitrary Code Execution in Sansa Connect bootloader
Date | Vendor | Attack Vector | Impact |
---|---|---|---|
2023-12-06 | SanDisk | Physical | Confidentiality, Integrity, Availability |

CWE | CVSS 3.1 | EPSS (30-day Exploit Prob.) |
---|---|---|
| | | 0.08 % |
Description |
---|
The Sansa Connect bootloader does not validate the length of the RSA signature multiprecision integer (MPI). An attacker can supply an image that, combined with a specific MPI length, leads to arbitrary code execution via an overwritten return address on the stack. |
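
A bounded MPI reader of the kind whose absence the description reports, as an added example that is not SanDisk's bootloader code. The 2-byte big-endian bit-count prefix (OpenPGP-style), the 256-byte modulus size and all names are assumptions, since the page does not give the image format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical key size for this example; the page does not state it. */
#define RSA_MODULUS_BYTES 256u
enum mpi_status { MPI_OK = 0, MPI_TRUNCATED, MPI_TOO_LONG, MPI_BAD_ARG };

/* Assumed layout: 2-byte big-endian bit count, then ceil(bits / 8) bytes.
 * On success the magnitude is right-aligned in out[RSA_MODULUS_BYTES]. */
enum mpi_status mpi_read_checked(const uint8_t *in, size_t in_len,
                                 uint8_t out[RSA_MODULUS_BYTES], size_t *consumed)
{
    if (in == NULL || out == NULL || consumed == NULL)
        return MPI_BAD_ARG;
    if (in_len < 2)
        return MPI_TRUNCATED;
    uint32_t bits = ((uint32_t)in[0] << 8) | in[1];
    size_t nbytes = (bits + 7u) / 8u;
    /* Declared length must fit the fixed-size destination buffer. */
    if (nbytes > RSA_MODULUS_BYTES)
        return MPI_TOO_LONG;
    /* Declared length must also fit the bytes actually available. */
    if (nbytes > in_len - 2)
        return MPI_TRUNCATED;
    memset(out, 0, RSA_MODULUS_BYTES);
    memcpy(out + (RSA_MODULUS_BYTES - nbytes), in + 2, nbytes);
    *consumed = 2 + nbytes;
    return MPI_OK;
}

int main(void)
{
    /* Constructed input: header claims 65535 bits, far beyond the buffer. */
    const uint8_t oversized[] = { 0xFF, 0xFF, 0x41, 0x41 };
    uint8_t sig[RSA_MODULUS_BYTES];
    size_t used = 0;
    enum mpi_status st = mpi_read_checked(oversized, sizeof oversized, sig, &used);
    printf("oversized MPI -> %s\n", st == MPI_TOO_LONG ? "rejected" : "unexpected");
    return st == MPI_TOO_LONG ? 0 : 1;
}
```

Both checks run before any byte is copied, so a length field taken from the image can never drive a write past the destination.
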
Vendor | Product | Version | Package Name |
---|---|---|---|
SanDisk | Sansa Connect | Bootloader 24655 | - |
Discoverer(s)/Credits |
---|
Tomasz Moń |

Common Attack Pattern Enumeration and Classification (CAPEC) |
---|
CAPEC-100: Overflow Buffers |
Exploitability Metrics
Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope |
---|---|---|---|---|
Physical | Low | None | Required | Unchanged |
Impact Metrics
Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
Low | High | High |