Multiple vulnerabilities in ESP-IDF
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2019-9496 CVE-2022-23304 CVE-2022-23303 CVE-2019-9494 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 |
| CWE-ID | CWE-287 CWE-327 CWE-200 CWE-320 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #9 is available. Public exploit code for vulnerability #10 is available. |
| Vulnerable software Subscribe |
ESP-IDF Server applications / Other server solutions |
| Vendor | Espressif Systems |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Improper Authentication
EUVDB-ID: #VU23961
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2019-9496
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to missing state validation steps when processing the
SAE confirm message when in hostapd/AP mode. A remote attacker can bypass authentication process, force the hostapd process to terminate and perform a denial of service (DoS) attack on the target system.
Install update from vendor's website.
Vulnerable software versionsESP-IDF: 4.3 - 4.3.4
CPE2.3 External linkshttp://github.com/espressif/esp-idf/releases/tag/v4.3.5
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU59838
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-23304
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information on the target system.
The vulnerability exists due to the implementations of EAP-PWD are vulnerable to side-channel attacks as a result of cache access patterns. A remote attacker with ability to install and execute applications can crack weak passwords when memory access patterns are visible in a shared cache.
Note, this vulnerability exists due to incomplete fix for #VU23960 (CVE-2019-9495).
Install update from vendor's website.
Vulnerable software versionsESP-IDF: 4.3 - 4.3.4
CPE2.3 External linkshttp://github.com/espressif/esp-idf/releases/tag/v4.3.5
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
3) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU59839
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-23303
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information on the target system.
The vulnerability exists due to the implementations of SAE are vulnerable to side-channel attacks as a result of cache access patterns. A remote attacker with ability to install and execute applications can crack weak passwords when memory access patterns are visible in a shared cache.
Note, this vulnerability exists due to incomplete fix for #VU23959 (CVE-2019-9494). MitigationInstall update from vendor's website.
Vulnerable software versionsESP-IDF: 4.3 - 4.3.4
CPE2.3 External linkshttp://github.com/espressif/esp-idf/releases/tag/v4.3.5
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
4) Information disclosure
EUVDB-ID: #VU23959
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2019-9494
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the implementations of SAE are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. A remote attacker can gain leaked information from a side channel attack that can be used for full password recovery.
MitigationInstall update from vendor's website.
Vulnerable software versionsESP-IDF: 4.3 - 4.3.4
CPE2.3 External linkshttp://github.com/espressif/esp-idf/releases/tag/v4.3.5
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
5) Key management errors
EUVDB-ID: #VU8837
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-13077
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used pairwise key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Install update from vendor's website.
Vulnerable software versionsESP-IDF: 4.3 - 4.3.4
CPE2.3 External linkshttp://github.com/espressif/esp-idf/releases/tag/v4.3.5
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
6) Key management errors
EUVDB-ID: #VU8838
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-13078
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Install update from vendor's website.
Vulnerable software versionsESP-IDF: 4.3 - 4.3.4
CPE2.3 External linkshttp://github.com/espressif/esp-idf/releases/tag/v4.3.5
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
7) Key management errors
EUVDB-ID: #VU8839
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-13079
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used integrity group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Install update from vendor's website.
Vulnerable software versionsESP-IDF: 4.3 - 4.3.4
CPE2.3 External linkshttp://github.com/espressif/esp-idf/releases/tag/v4.3.5
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
8) Key management errors
EUVDB-ID: #VU8840
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2017-13080
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
The vulnerability is dubbed "KRACK" attack.
Install update from vendor's website.
Vulnerable software versionsESP-IDF: 4.3 - 4.3.4
CPE2.3 External linkshttp://github.com/espressif/esp-idf/releases/tag/v4.3.5
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
9) Key management errors
EUVDB-ID: #VU8841
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-13081
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used integrity group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Install update from vendor's website.
Vulnerable software versionsESP-IDF: 4.3 - 4.3.4
CPE2.3 External linkshttp://github.com/espressif/esp-idf/releases/tag/v4.3.5
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
10) Key management errors
EUVDB-ID: #VU8842
Risk: High
CVSSv3.1:
CVE-ID: CVE-2017-13082
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used pairwise key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Install update from vendor's website.
Vulnerable software versionsESP-IDF: 4.3 - 4.3.4
CPE2.3 External linkshttp://github.com/espressif/esp-idf/releases/tag/v4.3.5
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
