CVE-2021-38545

{"id": "CVE-2021-38545", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2021-08-11T16:15:07.280", "references": [{"url": "https://www.nassiben.com/glowworm-attack", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a \"Glowworm\" attack. We assume that the Raspberry Pi supplies power to some speakers. The power indicator LED of the Raspberry Pi is connected directly to the power line, as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects the Raspberry Pi's power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the Raspberry Pi, we can recover the sound played by the speakers."}, {"lang": "es", "value": "Los dispositivos Raspberry Pi 3 B+ y 4 B hasta 09-08-2021, en determinados casos de uso en los que el dispositivo suministra energ\u00eda a los equipos de salida de audio, permiten a atacantes remotos recuperar las se\u00f1ales de voz de un LED del dispositivo, por medio de un telescopio y un sensor electro-\u00f3ptico, tambi\u00e9n se conoce como un ataque \"Glowworm\". Suponemos que la Raspberry Pi suministra energ\u00eda a unos altavoces. El LED indicador de potencia de la Raspberry Pi est\u00e1 conectado directamente a la l\u00ednea de alimentaci\u00f3n, por lo que la intensidad del LED indicador de potencia del dispositivo es correlativa al consumo de energ\u00eda. El sonido reproducido por los altavoces afecta al consumo de energ\u00eda de la Raspberry Pi y, en consecuencia, tambi\u00e9n es correlativo a la intensidad de la luz del LED. Al analizar las medidas obtenidas de un sensor electro-\u00f3ptico dirigido al LED indicador de potencia de la Raspberry Pi, podemos recuperar el sonido reproducido por los altavoces"}], "lastModified": "2021-08-23T17:31:09.070", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:raspberrypi:raspberry_pi_4_model_b_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92B4F95A-8C81-4E40-9658-65E6EC9BA67B", "versionEndIncluding": "2021-08-09"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:raspberrypi:raspberry_pi_4_model_b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "73F8F733-1A85-497A-BE05-6662D5FBD513"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:raspberrypi:raspberry_pi_3_model_b\\+_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F8284F0-7BE5-4B39-89BD-363CE411913B", "versionEndIncluding": "2021-08-09"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:raspberrypi:raspberry_pi_3_model_b\\+:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "05303822-9252-471C-9209-7DBB593A3874"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}