FKIE_CVE-2021-38545

Vulnerability from fkie_nvd - Published: 2021-08-11 16:15 - Updated: 2024-11-21 06:17
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We assume that the Raspberry Pi supplies power to some speakers. The power indicator LED of the Raspberry Pi is connected directly to the power line, as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects the Raspberry Pi's power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the Raspberry Pi, we can recover the sound played by the speakers.
References
cve@mitre.orghttps://www.nassiben.com/glowworm-attackExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.nassiben.com/glowworm-attackExploit, Third Party Advisory
Impacted products
Vendor Product Version
raspberrypi raspberry_pi_4_model_b_firmware *
raspberrypi raspberry_pi_4_model_b -
raspberrypi raspberry_pi_3_model_b\+_firmware *
raspberrypi raspberry_pi_3_model_b\+ -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:raspberrypi:raspberry_pi_4_model_b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92B4F95A-8C81-4E40-9658-65E6EC9BA67B",
              "versionEndIncluding": "2021-08-09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:raspberrypi:raspberry_pi_4_model_b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F8F733-1A85-497A-BE05-6662D5FBD513",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:raspberrypi:raspberry_pi_3_model_b\\+_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F8284F0-7BE5-4B39-89BD-363CE411913B",
              "versionEndIncluding": "2021-08-09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:raspberrypi:raspberry_pi_3_model_b\\+:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "05303822-9252-471C-9209-7DBB593A3874",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a \"Glowworm\" attack. We assume that the Raspberry Pi supplies power to some speakers. The power indicator LED of the Raspberry Pi is connected directly to the power line, as a result, the intensity of a device\u0027s power indicator LED is correlative to the power consumption. The sound played by the speakers affects the Raspberry Pi\u0027s power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the Raspberry Pi, we can recover the sound played by the speakers."
    },
    {
      "lang": "es",
      "value": "Los dispositivos Raspberry Pi 3 B+ y 4 B hasta 09-08-2021, en determinados casos de uso en los que el dispositivo suministra energ\u00eda a los equipos de salida de audio, permiten a atacantes remotos recuperar las se\u00f1ales de voz de un LED del dispositivo, por medio de un telescopio y un sensor electro-\u00f3ptico, tambi\u00e9n se conoce como un ataque \"Glowworm\". Suponemos que la Raspberry Pi suministra energ\u00eda a unos altavoces. El LED indicador de potencia de la Raspberry Pi est\u00e1 conectado directamente a la l\u00ednea de alimentaci\u00f3n, por lo que la intensidad del LED indicador de potencia del dispositivo es correlativa al consumo de energ\u00eda. El sonido reproducido por los altavoces afecta al consumo de energ\u00eda de la Raspberry Pi y, en consecuencia, tambi\u00e9n es correlativo a la intensidad de la luz del LED. Al analizar las medidas obtenidas de un sensor electro-\u00f3ptico dirigido al LED indicador de potencia de la Raspberry Pi, podemos recuperar el sonido reproducido por los altavoces"
    }
  ],
  "id": "CVE-2021-38545",
  "lastModified": "2024-11-21T06:17:24.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-11T16:15:07.280",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.nassiben.com/glowworm-attack"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.nassiben.com/glowworm-attack"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.