How severe is CVE-2018-18056?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2018-18056?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2018-18056 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

An issue was discovered in the Texas Instruments (TI) TM4C, MSP432E and MSP432P microcontroller series. The eXecute-Only-Memory (XOM) implementation prevents code read-outs on protected memory by generating bus faults. However, single-stepping and using breakpoints is allowed in XOM-protected flash memory. As a consequence, it is possible to execute single instructions with arbitrary system states (e.g., registers, status flags, and SRAM content) and observe the state changes produced by the unknown instruction. An attacker could exploit this vulnerability by executing protected and unknown instructions with specific system states and observing the state changes. Based on the gathered information, it is possible to reverse-engineer the executed instructions. The processor acts as a kind of "instruction oracle."

Related Vulnerabilities

CVE-2015-7846

MEDIUM

CVSS:4.6(Medium)

Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information.

CWE-2002015

CVE-2015-7946

MEDIUM

CVSS:4.6(Medium)

Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency diale...

CWE-2002015

CVE-2016-3145

MEDIUM

CVSS:4.6(Medium)

Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows phy...

CWE-2002016

CVE-2016-4595

MEDIUM

CVSS:4.6(Medium)

Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure.

CWE-2002016

CVE-2016-7060

MEDIUM

CVSS:4.6(Medium)

The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the di...

CWE-2002016

CVE-2016-7634

MEDIUM

CVSS:4.6(Medium)

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component, which accepts spoken passwords without considering that they are local...

CWE-2002016