CVE-2023-51712

An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 4.7 MEDIUM | PHYSICAL | HIGH | HIGH | CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N |
| mitre | CNA | --- | --- | | | |
| CISA-ADP | ADP | 4.7 MEDIUM | PHYSICAL | HIGH | HIGH | CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N |

EPSS Score Percentile: 10%

| Vendor | Product | Version |
|---|---|---|
| arm | trusted_firmware-m | 𝑥 ≤ 2.0.0 |

𝑥 = Vulnerable software versions

Debian Releases
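
| Debian Product | Codename | | |
|---|---|---|---|
| arm-trusted-firmware | bullseye | 2.4+dfsg-2 | fixed |
| arm-trusted-firmware | bookworm | 2.8.0+dfsg-1 | fixed |
| arm-trusted-firmware | trixie | 2.10.0+dfsg-1 | fixed |
| arm-trusted-firmware | sid | 2.10.0+dfsg-1 | fixed |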