How severe is CVE-2021-3011?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2021-3011?

This is classified as CWE-670, which is a common weakness in software security.

CVE-2021-3011

MEDIUM Year: 2021

CVSS v3 Score

4.2

Medium

CVSS v2 Score

1.9

Low

Weakness Type

CWE-670

View all →

Vulnerability Description

An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF).

CVE-2020-26506

MEDIUM

CVSS:4.3(Medium)

An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed f...

CWE-6702020

CVE-2020-3885

MEDIUM

CVSS:4.3(Medium)

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windo...

CWE-6702020

CVE-2024-25622

MEDIUM

CVSS:4.3(Medium)

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The conf...

CWE-6702024

CVE-2024-45298

MEDIUM

CVSS:4.3(Medium)

Wiki.js is an open source wiki app built on Node.js. A disabled user can still gain access to a wiki by abusing the password reset function. While setting up SMTP e-mail's on my server, I tested said ...

CWE-6702024

CVE-2024-47168

LOW

CVSS:4.3(Medium)

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the enable_monitoring flag not properly disabling monitoring when set to False....

CWE-6702024

CVE-2021-1236

MEDIUM

CVSS:4.0(Medium)

Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected ...

CWE-6702021

CVE-2021-3011

Vulnerability Description

Related Vulnerabilities

CVE-2020-26506

CVE-2020-3885

CVE-2024-25622

CVE-2024-45298

CVE-2024-47168

CVE-2021-1236