NotCVE-2023-0003 - RSA signature verification bypass via Arbitrary Code Execution in Sansa Connect bootloader
Date Vendor Attack Vector Impact
2023-12-06
SanDisk
Physical
Confidentiality, Integrity, Availability
CWE CVSS 3.1 EPSS (30-day Exploit Prob.)
6.2
0.08 %
Description
Vendor Product Version Package Name
SanDiskSansa ConnectBootloader 24655-
Discoverer(s)/Credits
Tomasz Moń
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC-100: Overflow Buffers
References

Exploitability Metrics

Attack Vector Attack Complexity Privileges Required User Interaction Scope
Physical Low None Required Unchanged

Impact Metrics

Confidentiality Impact Integrity Impact Availability Impact
Low High High