CVE-2020-10059 - OpenCVE

The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Zephyrproject	Zephyr

Configuration 1 [-]

OR	cpe:2.3:o:zephyrproject:zephyr:2.1.0:::::::*
	cpe:2.3:o:zephyrproject:zephyr:2.2.0:::::::*

References

Link	Resource
https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059
https://github.com/zephyrproject-rtos/zephyr/pull/24954	Patch Third Party Advisory
https://github.com/zephyrproject-rtos/zephyr/pull/24997	Patch Third Party Advisory
https://github.com/zephyrproject-rtos/zephyr/pull/24999	Patch Third Party Advisory
https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: zephyr

Published: 2020-05-01T00:00:00

Updated: 2020-06-05T17:37:37

Reserved: 2020-03-04T00:00:00

Link: CVE-2020-10059

JSON object: View

NVD Information

Status : Modified

Published: 2020-05-11T23:15:11.973

Modified: 2020-06-05T18:15:12.247

Link: CVE-2020-10059

JSON object: View

Redhat Information

No data.

CWE

CWE-295

{"containers": {"cna": {"affected": [{"product": "zephyr", "vendor": "zephyrproject-rtos", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "2.1.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "NCC Group for report"}], "datePublic": "2020-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-05T17:37:37", "orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "shortName": "zephyr"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/24954"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/24999"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/24997"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"}], "source": {"defect": ["https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"], "discovery": "EXTERNAL"}, "title": "UpdateHub Module Explicitly Disables TLS Verification", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerabilities@zephyrproject.org", "DATE_PUBLIC": "2020-05-01T00:00:00.000Z", "ID": "CVE-2020-10059", "STATE": "PUBLIC", "TITLE": "UpdateHub Module Explicitly Disables TLS Verification"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "zephyr", "version": {"version_data": [{"version_affected": ">=", "version_value": "2.1.0"}]}}]}, "vendor_name": "zephyrproject-rtos"}]}}, "credit": [{"lang": "eng", "value": "NCC Group for report"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-295 Improper Certificate Validation"}]}]}, "references": {"reference_data": [{"name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36", "refsource": "MISC", "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"}, {"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24954", "refsource": "MISC", "url": "https://github.com/zephyrproject-rtos/zephyr/pull/24954"}, {"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24999", "refsource": "MISC", "url": "https://github.com/zephyrproject-rtos/zephyr/pull/24999"}, {"name": "https://github.com/zephyrproject-rtos/zephyr/pull/24997", "refsource": "MISC", "url": "https://github.com/zephyrproject-rtos/zephyr/pull/24997"}, {"name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059", "refsource": "MISC", "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"}]}, "source": {"defect": ["https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"], "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "assignerShortName": "zephyr", "cveId": "CVE-2020-10059", "datePublished": "2020-05-01T00:00:00", "dateReserved": "2020-03-04T00:00:00", "dateUpdated": "2020-06-05T17:37:37", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EF33DD80-0286-477C-88A4-FCEC0D80F520", "vulnerable": true}, {"criteria": "cpe:2.3:o:zephyrproject:zephyr:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "677DD0A3-502D-45F1-9CC8-8DDB8F230DFC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions."}, {"lang": "es", "value": "El m\u00f3dulo UpdateHub deshabilita la comprobaci\u00f3n del peer DTLS, lo que permite un ataque de tipo man in the middle. Esto es mitigado por im\u00e1genes de firmware que requieren firmas validas. Sin embargo, no existe ning\u00fan beneficio al usar DTLS sin la comprobaci\u00f3n del peer. Consulte NCC-ZEP-018. Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 2.1.0 y versiones posteriores."}], "id": "CVE-2020-10059", "lastModified": "2020-06-05T18:15:12.247", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "vulnerabilities@zephyrproject.org", "type": "Secondary"}]}, "published": "2020-05-11T23:15:11.973", "references": [{"source": "vulnerabilities@zephyrproject.org", "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059"}, {"source": "vulnerabilities@zephyrproject.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/24954"}, {"source": "vulnerabilities@zephyrproject.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/24997"}, {"source": "vulnerabilities@zephyrproject.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/zephyrproject-rtos/zephyr/pull/24999"}, {"source": "vulnerabilities@zephyrproject.org", "tags": ["Third Party Advisory"], "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36"}], "sourceIdentifier": "vulnerabilities@zephyrproject.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-295"}], "source": "vulnerabilities@zephyrproject.org", "type": "Secondary"}]}