CVE-2019-13991 : Embedded systems based on Arduino before Rev3 allow remote attackers to send dat

Embedded systems based on Arduino before Rev3 allow remote attackers to send data to LEDs (directly connected to GPIO pins) via a laser, because of LED photosensitivity.

Published 2019-07-19 21:15:11

Updated 2020-08-24 17:37:01

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2019-13991

Arduino » Arduino Firmware
Versions before (<) rev3
cpe:2.3:o:arduino:arduino_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Arduino » Arduino » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-13991

EPSS FAQ

0.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 26 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-13991

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.3	LOW	AV:A/AC:L/Au:N/C:N/I:P/A:N	6.5	2.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
6.5	MEDIUM	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	2.8	3.6	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

References for CVE-2019-13991

https://arxiv.org/abs/1907.00479

[1907.00479] ("Oops! Had the silly thing in reverse")---Optical injection attacks in through LED status indicators
Third Party Advisory

Jump to

Vulnerability Details : CVE-2019-13991

Products affected by CVE-2019-13991

Exploit prediction scoring system (EPSS) score for CVE-2019-13991

CVSS scores for CVE-2019-13991

References for CVE-2019-13991