5.3

CVE-2022-45163

Exploit

An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.)

Data is provided by the National Vulnerability Database (NVD)
NxpI.Mx 6 Firmware Version-
   NxpI.Mx 6 Version-
NxpI.Mx 6dual Firmware Version-
   NxpI.Mx 6dual Version-
NxpI.Mx 6duallite Firmware Version-
   NxpI.Mx 6duallite Version-
NxpI.Mx 6dualplus Firmware Version-
   NxpI.Mx 6dualplus Version-
NxpI.Mx 6quad Firmware Version-
   NxpI.Mx 6quad Version-
NxpI.Mx 6quadplus Firmware Version-
   NxpI.Mx 6quadplus Version-
NxpI.Mx 6solo Firmware Version-
   NxpI.Mx 6solo Version-
NxpI.Mx 6sololite Firmware Version-
   NxpI.Mx 6sololite Version-
NxpI.Mx 6solox Firmware Version-
   NxpI.Mx 6solox Version-
NxpI.Mx 6ull Firmware Version-
   NxpI.Mx 6ull Version-
NxpI.Mx 6ultralite Firmware Version-
   NxpI.Mx 6ultralite Version-
NxpI.Mx 6ulz Firmware Version-
   NxpI.Mx 6ulz Version-
NxpI.Mx 7dual Firmware Version-
   NxpI.Mx 7dual Version-
NxpI.Mx 7solo Firmware Version-
   NxpI.Mx 7solo Version-
NxpI.Mx 7ulp Firmware Version-
   NxpI.Mx 7ulp Version-
NxpI.Mx 8m Mini Firmware Version-
   NxpI.Mx 8m Mini Version-
NxpI.Mx 8m Quad Firmware Version-
   NxpI.Mx 8m Quad Version-
NxpI.Mx 8m Vybrid Firmware Version-
   NxpI.Mx 8m Vybrid Version-
NxpI.Mx Rt1010 Firmware Version-
   NxpI.Mx Rt1010 Version-
NxpI.Mx Rt1015 Firmware Version-
   NxpI.Mx Rt1015 Version-
NxpI.Mx Rt1020 Firmware Version-
   NxpI.Mx Rt1020 Version-
NxpI.Mx Rt1050 Firmware Version-
   NxpI.Mx Rt1050 Version-
NxpI.Mx Rt1060 Firmware Version-
   NxpI.Mx Rt1060 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.11% 0.307
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.6 0.9 3.6
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cve@mitre.org 5.3 0.9 4
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

https://research.nccgroup.com/2022/11/17/cve-2022-45163/
Third Party Advisory
Exploit
Technical Description
https://research.nccgroup.com/category/technical-advisory/
Third Party Advisory
Exploit
Technical Description