
NotCVE-2023-0003

RSA signature verification bypass via Arbitrary Code Execution in Sansa Connect bootloader

Severity Score

6.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Sansa Connect bootloader does not validate the length of the RSA signature multiprecision integer (MPI). An attacker can supply an image that, combined with a specific MPI length, leads to arbitrary code execution via an overwritten return address on the stack.

*Credits: Tomasz Moń
CVSS Scores
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Important Dates Timeline
  • First Exploit
  • 2023-12-06 CVE Reserved
  • 2023-12-06 CVE Published
  • 2024-06-18 CVE Updated
  • ---------- EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-121: Stack-based Buffer Overflow
CAPEC
  • CAPEC-100: Overflow Buffers
Affected Vendors, Products, and Versions
Vendor
SanDisk
Product
Sansa Connect
Version
Bootloader 24655
Other
-
Vulnerable
YES