CVE-2020-12788

7.5

HIGH

Atmel ATSAMA5 CMAC Timing and Power Analysis Attack Vulnerability

Description

CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks.

INFO

Published Date :

Sept. 14, 2020, 2:15 p.m.

Last Modified :

Sept. 18, 2020, 7:07 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

3.6

Exploitability Score :

3.9 Public PoC/Exploit Available at Github

CVE-2020-12788 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2020-12788 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Microchip	atsama5d21c-cu_firmware
2	Microchip	atsama5d21c-cur_firmware
3	Microchip	atsama5d22c-cn_firmware
4	Microchip	atsama5d22c-cnr_firmware
5	Microchip	atsama5d22c-cu_firmware
6	Microchip	atsama5d22c-cur_firmware
7	Microchip	atsama5d23c-cn_firmware
8	Microchip	atsama5d23c-cnr_firmware
9	Microchip	atsama5d23c-cu_firmware
10	Microchip	atsama5d23c-cur_firmware
11	Microchip	atsama5d24c-cu_firmware
12	Microchip	atsama5d24c-cuf_firmware
13	Microchip	atsama5d24c-cur_firmware
14	Microchip	atsama5d26c-cn_firmware
15	Microchip	atsama5d26c-cnr_firmware
16	Microchip	atsama5d26c-cu_firmware
17	Microchip	atsama5d26c-cur_firmware
18	Microchip	atsama5d27c-cn_firmware
19	Microchip	atsama5d27c-cnr_firmware
20	Microchip	atsama5d27c-cu_firmware
21	Microchip	atsama5d27c-cur_firmware
22	Microchip	atsama5d28c-cn_firmware
23	Microchip	atsama5d28c-cnr_firmware
24	Microchip	atsama5d28c-cu_firmware
25	Microchip	atsama5d28c-cur_firmware
26	Microchip	atsama5d27c-cnvao_firmware
27	Microchip	atsama5d27c-cnrvao_firmware
28	Microchip	atsama5d225c-d1m-cur_firmware
29	Microchip	atsama5d27c-d5m-cu_firmware
30	Microchip	atsama5d27c-d5m-cur_firmware
31	Microchip	atsama5d27c-d1g-cu_firmware
32	Microchip	atsama5d27c-d1g-cur_firmware
33	Microchip	atsama5d28c-d1g-cu_firmware
34	Microchip	atsama5d28c-d1g-cur_firmware
35	Microchip	atsama5d27c-ld1g-cu_firmware
36	Microchip	atsama5d27c-ld1g-cur_firmware
37	Microchip	atsama5d27c-ld2g-cu_firmware
38	Microchip	atsama5d27c-ld2g-cur_firmware
39	Microchip	atsama5d28c-ld1g-cu_firmware
40	Microchip	atsama5d28c-ld1g-cur_firmware
41	Microchip	atsama5d28c-ld2g-cu_firmware
42	Microchip	atsama5d28c-ld2g-cur_firmware
43	Microchip	atsama5d27-wlsom1_firmware
44	Microchip	atsama5d27-som1_firmware
45	Microchip	atsama5d31a-cu_firmware
46	Microchip	atsama5d31a-cur_firmware
47	Microchip	atsama5d31a-cfu_firmware
48	Microchip	atsama5d31a-cfur_firmware
49	Microchip	atsama5d33a-cu_firmware
50	Microchip	atsama5d33a-cur_firmware
51	Microchip	atsama5d34a-cu_firmware
52	Microchip	atsama5d34a-cur_firmware
53	Microchip	atsama5d35a-cu_firmware
54	Microchip	atsama5d35a-cur_firmware
55	Microchip	atsama5d35a-cn_firmware
56	Microchip	atsama5d35a-cnr_firmware
57	Microchip	atsama5d36a-cu_firmware
58	Microchip	atsama5d36a-cur_firmware
59	Microchip	atsama5d36a-cn_firmware
60	Microchip	atsama5d36a-cnr_firmware
61	Microchip	atsama5d41a-cu_firmware
62	Microchip	atsama5d41a-cur_firmware
63	Microchip	atsama5d41b-cu_firmware
64	Microchip	atsama5d41b-cur_firmware
65	Microchip	atsama5d42a-cu_firmware
66	Microchip	atsama5d42a-cur_firmware
67	Microchip	atsama5d42b-cu_firmware
68	Microchip	atsama5d42b-cur_firmware
69	Microchip	atsama5d43a-cu_firmware
70	Microchip	atsama5d43a-cur_firmware
71	Microchip	atsama5d43b-cu_firmware
72	Microchip	atsama5d43b-cur_firmware
73	Microchip	atsama5d44a-cu_firmware
74	Microchip	atsama5d44a-cur_firmware
75	Microchip	atsama5d44b-cu_firmware
76	Microchip	atsama5d44b-cur_firmware

: Total Affected Vendor : 1 | Products : 76

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2020-12788.

URL	Resource
https://labs.f-secure.com/advisories/microchip-atsama5-soc-multiple-vulnerabilities/	Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

f-secure-foundry/advisories

(Inverse Path | F-Secure) Hardware Security Team - Security Advisories

Updated: 1 month, 2 weeks ago

24 stars 4 fork 4 watcher

Born at : July 23, 2019, 3:04 p.m. This repo has been linked 20 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2020-12788 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2020-12788 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by [email protected]

May. 14, 2024

Action Type Old Value New Value

Initial Analysis by [email protected]

Sep. 18, 2020

Action	Type	Old Value	New Value
Added	CVSS V2		NIST (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Added	CVSS V3.1		NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Changed	Reference Type	https://labs.f-secure.com/advisories/microchip-atsama5-soc-multiple-vulnerabilities/ No Types Assigned	https://labs.f-secure.com/advisories/microchip-atsama5-soc-multiple-vulnerabilities/ Third Party Advisory
Added	CWE		NIST CWE-203
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d21c-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d21c-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d21c-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d21c-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d22c-cn_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d22c-cn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d22c-cnr_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d22c-cnr:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d22c-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d22c-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d22c-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d22c-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d23c-cn_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d23c-cn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d23c-cnr_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d23c-cnr:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d23c-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d23c-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d23c-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d23c-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d24c-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d24c-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d24c-cuf_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d24c-cuf:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d24c-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d24c-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d26c-cn_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d26c-cn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d26c-cnr_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d26c-cnr:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d26c-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d26c-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d26c-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d26c-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d27c-cn_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d27c-cn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d27c-cnr_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d27c-cnr:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d27c-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d27c-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d27c-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d27c-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d28c-cn_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d28c-cn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d28c-cnr_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d28c-cnr:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d28c-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d28c-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d28c-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d28c-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d27c-cnvao_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d27c-cnvao:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d27c-cnrvao_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d27c-cnrvao:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d225c-d1m-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d225c-d1m-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d27c-d5m-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d27c-d5m-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d27c-d5m-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d27c-d5m-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d27c-d1g-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d27c-d1g-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d27c-d1g-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d27c-d1g-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d28c-d1g-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d28c-d1g-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d28c-d1g-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d28c-d1g-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d27c-ld1g-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d27c-ld1g-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d27c-ld1g-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d27c-ld1g-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d27c-ld2g-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d27c-ld2g-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d27c-ld2g-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d27c-ld2g-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d28c-ld1g-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d28c-ld1g-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d28c-ld1g-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d28c-ld1g-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d28c-ld2g-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d28c-ld2g-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d28c-ld2g-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d28c-ld2g-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d27-wlsom1_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d27-wlsom1:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d27-som1_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d27-som1:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d31a-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d31a-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d31a-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d31a-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d31a-cfu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d31a-cfu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d31a-cfur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d31a-cfur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d33a-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d33a-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d33a-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d33a-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d34a-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d34a-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d34a-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d34a-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d35a-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d35a-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d35a-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d35a-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d35a-cn_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d35a-cn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d35a-cnr_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d35a-cnr:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d36a-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d36a-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d36a-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d36a-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d36a-cn_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d36a-cn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d36a-cnr_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d36a-cnr:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d41a-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d41a-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d41a-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d41a-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d41b-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d41b-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d41b-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d41b-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d42a-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d42a-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d42a-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d42a-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d42b-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d42b-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d42b-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d42b-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d43a-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d43a-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d43a-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d43a-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d43b-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d43b-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d43b-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d43b-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d44a-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d44a-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d44a-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d44a-cur:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d44b-cu_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d44b-cu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:microchip:atsama5d44b-cur_firmware:-::::::: OR cpe:2.3:h:microchip:atsama5d44b-cur:-:::::::*

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2020-12788 is associated with the following CWEs:

CWE-203: Observable Discrepancy

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2020-12788 weaknesses.

CAPEC-189: Black Box Reverse Engineering Black Box Reverse Engineering

CVE-2020-12788

Atmel ATSAMA5 CMAC Timing and Power Analysis Attack Vulnerability

Description

INFO

Sept. 14, 2020, 2:15 p.m.

Sept. 18, 2020, 7:07 p.m.

[email protected]

Yes !

3.6

3.9

Public PoC/Exploit Available at Github

Affected Products

References to Advisories, Solutions, and Tools

f-secure-foundry/advisories

CVE Modified by [email protected]

Initial Analysis by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

0.17 }} 0.02%

0.52464

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable