CVE-2020-27211

low-risk
Published 2021-05-21

Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper protection against physical side channels. The flash read-out protection (APPROTECT) can be bypassed by injecting a fault during the boot phase.

Do I need to act?

-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.7/10 Medium
PHYSICAL / HIGH complexity

Affected Products (1)

Nrf52840 Firmware

Affected Vendors

Nordicsemi

References (10)

Third Party Advisory https://eprint.iacr.org/2021/640
Third Party Advisory https://infocenter.nordicsemi.com/pdf/in_133_v1.0.pdf
Third Party Advisory https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass/
Third Party Advisory https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/secu...
Third Party Advisory https://www.aisec.fraunhofer.de/en/FirmwareProtection.html
Third Party Advisory https://eprint.iacr.org/2021/640
Third Party Advisory https://infocenter.nordicsemi.com/pdf/in_133_v1.0.pdf
Third Party Advisory https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass/
Third Party Advisory https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/secu...
Third Party Advisory https://www.aisec.fraunhofer.de/en/FirmwareProtection.html
20
/ 100
low-risk
Severity 15/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal