CVE-2024-4760

Voltage glitch during startup of the EEFC NVM controller can bypass the security bit

CVSS 6.3 MEDIUMEPSS 0.2%CWE-1247

A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug interface even if the security bit is set.

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Productos afectados

Microchip · SAM3N Microchip · SAM3S Microchip · SAM3U Microchip · SAM4C Microchip · SAM4E Microchip · SAM4N Microchip · SAM4S Microchip · SAME70 Microchip · SAMG55 Microchip · SAMS70 Microchip · SAMV70 Microchip · SAMV71

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://ww1.microchip.com/downloads/aemDocuments/documents/MCU32/ProductDocuments/SupportingCollateral/Security-Advisory-CVE-2024-4760.pdf https://www.0x01team.com/hw_security/bypassing-microchip-atmel-sam-e70-s70-v70-v71-security/