Vulnerabilities > CVE-2020-13464 - Missing Authorization vulnerability in Cksic Cks32F103 Firmware

CVSS 4.2 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

high complexity

cksic

CWE-862

NVD

Published: 2020-08-31

Updated: 2021-07-21

Summary

The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU or DMA module.

Vulnerable Configurations

Part	Description	Count
OS	Cksic Cksic Cks32F103 Firmware -	1
Hardware	Cksic Cksic Cks32F103 -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://www.usenix.org/system/files/woot20-paper-obermaier.pdf