Vulnerability Description
On BC Vault devices, a side channel for the row-based SSD1309 OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover a data value. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: the vendor's position is that there is no security impact: the only potentially leaked information is the number of characters in the PIN
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Real-Sec | Bc Vault Firmware | - |
| Real-Sec | Bc Vault | - |
Related Weaknesses (CWE)
References
- https://bc-vault.com/2019/08/our-response-to-cve-2019-14359ExploitThird Party Advisory
- https://bc-vault.com/2019/08/our-response-to-cve-2019-14359ExploitThird Party Advisory
FAQ
What is CVE-2019-14359?
CVE-2019-14359 is a vulnerability with a CVSS score of 2.4 (LOW). On BC Vault devices, a side channel for the row-based SSD1309 OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a part...
How severe is CVE-2019-14359?
CVE-2019-14359 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14359?
Check the references section above for vendor advisories and patch information. Affected products include: Real-Sec Bc Vault Firmware, Real-Sec Bc Vault.