CVE-2020-10283 - OpenCVE

The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopilot negotiate the version via the AUTOPILOT_VERSION message. Since this negotiation depends on the answer, an attacker may craft packages in a way that hints the autopilot to adopt version 1.0 of MAVLink for the communication. Given the lack of authentication capabilities in such version of MAVLink (refer to CVE-2020-10282), attackers may use this method to bypass authentication capabilities and interact with the autopilot directly.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Dronecode	Micro Air Vehicle Link

Configuration 1 [-]

cpe:2.3:a:dronecode:micro_air_vehicle_link:1.0.0:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/aliasrobotics/RVD/issues/3316	Exploit Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Alias

Published: 2020-08-20T00:00:00

Updated: 2020-08-20T08:15:12

Reserved: 2020-03-10T00:00:00

Link: CVE-2020-10283

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-08-20T09:15:11.140

Modified: 2022-10-28T19:00:31.517

Link: CVE-2020-10283

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "MAVLink", "vendor": "PX4", "versions": [{"status": "affected", "version": "2.0"}]}], "credits": [{"lang": "en", "value": "Victor Mayoral Vilches (Alias Robotics)"}], "datePublic": "2020-08-20T00:00:00", "descriptions": [{"lang": "en", "value": "The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopilot negotiate the version via the AUTOPILOT_VERSION message. Since this negotiation depends on the answer, an attacker may craft packages in a way that hints the autopilot to adopt version 1.0 of MAVLink for the communication. Given the lack of authentication capabilities in such version of MAVLink (refer to CVE-2020-10282), attackers may use this method to bypass authentication capabilities and interact with the autopilot directly."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-08-20T08:15:12", "orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a", "shortName": "Alias"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/aliasrobotics/RVD/issues/3316"}], "source": {"defect": ["RVD#3317"], "discovery": "EXTERNAL"}, "title": "RVD#3317: MAVLink version handshaking allows for an attacker to bypass authentication", "x_generator": {"engine": "Robot Vulnerability Database (RVD)"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@aliasrobotics.com", "DATE_PUBLIC": "2020-08-20T08:07:15 +00:00", "ID": "CVE-2020-10283", "STATE": "PUBLIC", "TITLE": "RVD#3317: MAVLink version handshaking allows for an attacker to bypass authentication"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MAVLink", "version": {"version_data": [{"version_value": "2.0"}]}}]}, "vendor_name": "PX4"}]}}, "credit": [{"lang": "eng", "value": "Victor Mayoral Vilches (Alias Robotics)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopilot negotiate the version via the AUTOPILOT_VERSION message. Since this negotiation depends on the answer, an attacker may craft packages in a way that hints the autopilot to adopt version 1.0 of MAVLink for the communication. Given the lack of authentication capabilities in such version of MAVLink (refer to CVE-2020-10282), attackers may use this method to bypass authentication capabilities and interact with the autopilot directly."}]}, "generator": {"engine": "Robot Vulnerability Database (RVD)"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "high", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-288"}]}]}, "references": {"reference_data": [{"name": "https://github.com/aliasrobotics/RVD/issues/3316", "refsource": "CONFIRM", "url": "https://github.com/aliasrobotics/RVD/issues/3316"}]}, "source": {"defect": ["RVD#3317"], "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a", "assignerShortName": "Alias", "cveId": "CVE-2020-10283", "datePublished": "2020-08-20T00:00:00", "dateReserved": "2020-03-10T00:00:00", "dateUpdated": "2020-08-20T08:15:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dronecode:micro_air_vehicle_link:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F56CC677-E829-48A5-B01B-9B33F13C084B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopilot negotiate the version via the AUTOPILOT_VERSION message. Since this negotiation depends on the answer, an attacker may craft packages in a way that hints the autopilot to adopt version 1.0 of MAVLink for the communication. Given the lack of authentication capabilities in such version of MAVLink (refer to CVE-2020-10282), attackers may use this method to bypass authentication capabilities and interact with the autopilot directly."}, {"lang": "es", "value": "El protocolo Micro Air Vehicle Link (MAVLink) presenta mecanismos de autenticaci\u00f3n en su versi\u00f3n 2.0, sin embargo, de acuerdo con su documentaci\u00f3n, para mantener la compatibilidad con versiones anteriores, GCS y autopilot negocian la versi\u00f3n por medio del mensaje AUTOPILOT_VERSION. Dado que esta negociaci\u00f3n depende de la respuesta, un atacante puede dise\u00f1ar paquetes de una manera que sugiera al autopilot que adopte la versi\u00f3n 1.0 de MAVLink para la comunicaci\u00f3n. Dada la falta de capacidades de autenticaci\u00f3n en dicha versi\u00f3n de MAVLink (refierase a CVE-2020-10282), los atacantes pueden usar este m\u00e9todo para omitir las capacidades de autenticaci\u00f3n e interactuar con el piloto autom\u00e1tico directamente."}], "id": "CVE-2020-10283", "lastModified": "2022-10-28T19:00:31.517", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "cve@aliasrobotics.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-20T09:15:11.140", "references": [{"source": "cve@aliasrobotics.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/aliasrobotics/RVD/issues/3316"}], "sourceIdentifier": "cve@aliasrobotics.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-288"}], "source": "cve@aliasrobotics.com", "type": "Secondary"}]}