CVE-2023-51712

EUVD-2023-56409
An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.7 MEDIUM
PHYSICAL
HIGH
HIGH
CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
CISA-ADPADP
4.7 MEDIUM
PHYSICAL
HIGH
HIGH
CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
Affected Products (NVD)
VendorProductVersion
armtrusted_firmware-m
𝑥
≤ 2.0.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
arm-trusted-firmware
bookworm
2.8.0+dfsg-1
fixed
bullseye
2.4+dfsg-2
fixed
sid
2.10.0+dfsg-1
fixed
trixie
2.10.0+dfsg-1
fixed
References
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/
https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/debug_log_vulnerability.html