CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-4760

Medium Severity
SVRS
30/100
CVSSv3
NA/10
EPSS
0.00064/1

CVE-2024-4760 is a security vulnerability affecting Microchip SAM E70/S70/V70/V71 microcontrollers. This voltage glitch during startup allows unauthorized access to the memory bus through the debug interface, even when the security bit is enabled. With an SVRS of 30, this vulnerability poses a moderate risk, indicating potential exploitation but not requiring immediate action. An attacker could bypass security measures and potentially gain control of the device's memory, leading to information disclosure or malicious code execution. The vulnerability lies in the EEFC NVM controllers. While the CVSS score is 0, the SVRS highlights that there are still possible attack vectors even if they are hard to exploit. This is a risk and needs to be monitored.

TAGS
No tags available
VECTOR STRING
PUBLICATION DATE2024-05-16
LAST MODIFIED2024-05-16

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-4760 | Microchip SAME70/SAMS70/SAMV70/SAMV71 EEFC NVM Controller improper protection against voltage and clock glitches
vuldb.com2025-03-29
CVE-2024-4760 | Microchip SAME70/SAMS70/SAMV70/SAMV71 EEFC NVM Controller improper protection against voltage and clock glitches | A vulnerability, which was classified as critical, was found in Microchip SAME70, SAMS70, SAMV70 and SAMV71. Affected is an unknown function of the component EEFC NVM Controller. The manipulation leads to improper protection against voltage and clock glitches. This vulnerability is traded as CVE-2024-4760. It is possible
vuldb.com
rss
forum
news
Vulnerability Summary for the Week of May 13, 2024
CISA2024-05-20
2dc682d0fcad713a96cc38477d6 which was released along with the extension version `0.35`. As a workaround, Chrome users can use the Extensions Settings to disable the extension access to only the origins that you want. Firefox doesn't have an alternative to upgrading to a fixed version. 2024-05-14 7.6 CVE-2024-34714
cisa.gov
rss
forum
news
CVE-2024-4760 | Microchip SAME70/SAMS70/SAMV70/SAMV71 EEFC NVM Controller unknown vulnerability
vuldb.com2024-05-16
CVE-2024-4760 | Microchip SAME70/SAMS70/SAMV70/SAMV71 EEFC NVM Controller unknown vulnerability | A vulnerability, which was classified as critical, was found in Microchip SAME70, SAMS70, SAMV70 and SAMV71. Affected is an unknown function of the component EEFC NVM Controller. The manipulation leads to improper protection against voltage and clock glitches. This vulnerability is traded as CVE-2024-4760. It is possible to launch the attack on
cve-2024-4760
domains
urls
cves

Social Media

🚨 Critical vuln in Microchip SAME70/SAMS70/SAMV70/SAMV71 EEFC NVM Controller (CVE-2024-4760). Improper protection against voltage & clock glitches. Audit device security and apply patches ASAP to mitigate risks! #EmbeddedSecurity #VulnerabilityManagement
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
DC3F6DA9-85B5-4A73-84A2-2EC90B40FCA5https://www.0x01team.com/hw_security/bypassing-microchip-atmel-sam-e70-s70-v70-v71-security/

CWE Details

CWE IDCWE NameDescription
CWE-1247Improper Protection Against Voltage and Clock GlitchesThe device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the device.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence