CVE-2020-10368

Name of the Vulnerable Software and Affected Versions Cypress (and Broadcom) Wireless Combo chips versions prior to the January 2021 firmware update

Description The issue allows memory read access via a "Spectra" attack when a January 2021 firmware update is not present. This affects specific versions of Cypress (and Broadcom) Wireless Combo chips. Users are urged to update to the latest version and apply all recommended patches to mitigate potential threats.

Recommendations As a temporary workaround, consider disabling the vulnerable function until a patch is available. Update to the latest firmware and apply all recommended patches to mitigate potential threats. Restrict access to vulnerable modules to minimize the risk of exploitation. Avoid using vulnerable parameters in affected API endpoints until the issue is resolved.