Multiple vulnerabilities in ESP-IDF
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2019-9496 CVE-2022-23304 CVE-2022-23303 CVE-2019-9494 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 |
| CWE-ID | CWE-287 CWE-327 CWE-200 CWE-320 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #9 is available. Public exploit code for vulnerability #10 is available. |
| Vulnerable software |
ESP-IDF Server applications / Other server solutions |
| Vendor | Espressif Systems |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Improper Authentication
EUVDB-ID: #VU23961
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-9496
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to missing state validation steps when processing the
SAE confirm message when in hostapd/AP mode. A remote attacker can bypass authentication process, force the hostapd process to terminate and perform a denial of service (DoS) attack on the target system.
Install update from vendor's website.
Vulnerable software versionsESP-IDF: 4.3 - 4.3.4
CPE2.3- cpe:2.3:a:espressif_systems:esp-idf:4.3:*:*:*:*:*:*:
- cpe:2.3:a:espressif_systems:esp-idf:4.3.1:*:*:*:*:*:*:
- cpe:2.3:a:espressif_systems:esp-idf:4.3.2:*:*:*:*:*:*:
http://github.com/espressif/esp-idf/releases/tag/v4.3.5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU59838
Risk: Low
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23304
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information on the target system.
The vulnerability exists due to the implementations of EAP-PWD are vulnerable to side-channel attacks as a result of cache access patterns. A remote attacker with ability to install and execute applications can crack weak passwords when memory access patterns are visible in a shared cache.
Note, this vulnerability exists due to incomplete fix for #VU23960 (CVE-2019-9495).
Install update from vendor's website.
Vulnerable software versionsESP-IDF: 4.3 - 4.3.4
CPE2.3- cpe:2.3:a:espressif_systems:esp-idf:4.3:*:*:*:*:*:*:
- cpe:2.3:a:espressif_systems:esp-idf:4.3.1:*:*:*:*:*:*:
- cpe:2.3:a:espressif_systems:esp-idf:4.3.2:*:*:*:*:*:*:
http://github.com/espressif/esp-idf/releases/tag/v4.3.5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU59839
Risk: Low
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23303
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information on the target system.
The vulnerability exists due to the implementations of SAE are vulnerable to side-channel attacks as a result of cache access patterns. A remote attacker with ability to install and execute applications can crack weak passwords when memory access patterns are visible in a shared cache.
Note, this vulnerability exists due to incomplete fix for #VU23959 (CVE-2019-9494). MitigationInstall update from vendor's website.
Vulnerable software versionsESP-IDF: 4.3 - 4.3.4
CPE2.3- cpe:2.3:a:espressif_systems:esp-idf:4.3:*:*:*:*:*:*:
- cpe:2.3:a:espressif_systems:esp-idf:4.3.1:*:*:*:*:*:*:
- cpe:2.3:a:espressif_systems:esp-idf:4.3.2:*:*:*:*:*:*:
http://github.com/espressif/esp-idf/releases/tag/v4.3.5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU23959
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-9494
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the implementations of SAE are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. A remote attacker can gain leaked information from a side channel attack that can be used for full password recovery.
MitigationInstall update from vendor's website.
Vulnerable software versionsESP-IDF: 4.3 - 4.3.4
CPE2.3- cpe:2.3:a:espressif_systems:esp-idf:4.3:*:*:*:*:*:*:
- cpe:2.3:a:espressif_systems:esp-idf:4.3.1:*:*:*:*:*:*:
- cpe:2.3:a:espressif_systems:esp-idf:4.3.2:*:*:*:*:*:*:
http://github.com/espressif/esp-idf/releases/tag/v4.3.5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Key management errors
EUVDB-ID: #VU8837
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-13077
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used pairwise key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Install update from vendor's website.
Vulnerable software versionsESP-IDF: 4.3 - 4.3.4
CPE2.3- cpe:2.3:a:espressif_systems:esp-idf:4.3:*:*:*:*:*:*:
- cpe:2.3:a:espressif_systems:esp-idf:4.3.1:*:*:*:*:*:*:
- cpe:2.3:a:espressif_systems:esp-idf:4.3.2:*:*:*:*:*:*:
http://github.com/espressif/esp-idf/releases/tag/v4.3.5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Key management errors
EUVDB-ID: #VU8838
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-13078
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Install update from vendor's website.
Vulnerable software versionsESP-IDF: 4.3 - 4.3.4
CPE2.3- cpe:2.3:a:espressif_systems:esp-idf:4.3:*:*:*:*:*:*:
- cpe:2.3:a:espressif_systems:esp-idf:4.3.1:*:*:*:*:*:*:
- cpe:2.3:a:espressif_systems:esp-idf:4.3.2:*:*:*:*:*:*:
http://github.com/espressif/esp-idf/releases/tag/v4.3.5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) Key management errors
EUVDB-ID: #VU8839
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-13079
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used integrity group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Install update from vendor's website.
Vulnerable software versionsESP-IDF: 4.3 - 4.3.4
CPE2.3- cpe:2.3:a:espressif_systems:esp-idf:4.3:*:*:*:*:*:*:
- cpe:2.3:a:espressif_systems:esp-idf:4.3.1:*:*:*:*:*:*:
- cpe:2.3:a:espressif_systems:esp-idf:4.3.2:*:*:*:*:*:*:
http://github.com/espressif/esp-idf/releases/tag/v4.3.5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
8) Key management errors
EUVDB-ID: #VU8840
Risk: Medium
CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-13080
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
The vulnerability is dubbed "KRACK" attack.
Install update from vendor's website.
Vulnerable software versionsESP-IDF: 4.3 - 4.3.4
CPE2.3- cpe:2.3:a:espressif_systems:esp-idf:4.3:*:*:*:*:*:*:
- cpe:2.3:a:espressif_systems:esp-idf:4.3.1:*:*:*:*:*:*:
- cpe:2.3:a:espressif_systems:esp-idf:4.3.2:*:*:*:*:*:*:
http://github.com/espressif/esp-idf/releases/tag/v4.3.5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
9) Key management errors
EUVDB-ID: #VU8841
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-13081
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used integrity group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Install update from vendor's website.
Vulnerable software versionsESP-IDF: 4.3 - 4.3.4
CPE2.3- cpe:2.3:a:espressif_systems:esp-idf:4.3:*:*:*:*:*:*:
- cpe:2.3:a:espressif_systems:esp-idf:4.3.1:*:*:*:*:*:*:
- cpe:2.3:a:espressif_systems:esp-idf:4.3.2:*:*:*:*:*:*:
http://github.com/espressif/esp-idf/releases/tag/v4.3.5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
10) Key management errors
EUVDB-ID: #VU8842
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-13082
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used pairwise key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Install update from vendor's website.
Vulnerable software versionsESP-IDF: 4.3 - 4.3.4
CPE2.3- cpe:2.3:a:espressif_systems:esp-idf:4.3:*:*:*:*:*:*:
- cpe:2.3:a:espressif_systems:esp-idf:4.3.1:*:*:*:*:*:*:
- cpe:2.3:a:espressif_systems:esp-idf:4.3.2:*:*:*:*:*:*:
http://github.com/espressif/esp-idf/releases/tag/v4.3.5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
