CVE-2020-14474 - OpenCVE

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of the software, and does not appear to be changed with each new build. It is possible to reconstruct the decryption process using the hardcoded key material and obtain easy access to otherwise protected data.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cellebrite	Ufed Firmware Ufed

Configuration 1 [-]

AND

cpe:2.3:o:cellebrite:ufed_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cellebrite:ufed:-:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/158254/Cellebrite-EPR-Decryption-Hardcoded-AES-Key-Material.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2020/Jun/31	Exploit Mailing List Third Party Advisory
https://korelogic.com/Resources/Advisories/KL-001-2020-003.txt	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-06-30T18:03:50

Updated: 2020-06-30T19:06:06

Reserved: 2020-06-19T00:00:00

Link: CVE-2020-14474

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-06-30T19:15:11.397

Modified: 2020-07-10T14:26:37.413

Link: CVE-2020-14474

JSON object: View

Redhat Information

No data.

CWE

CWE-798

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-06-29T00:00:00", "descriptions": [{"lang": "en", "value": "The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of the software, and does not appear to be changed with each new build. It is possible to reconstruct the decryption process using the hardcoded key material and obtain easy access to otherwise protected data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-30T19:06:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2020/Jun/31"}, {"tags": ["x_refsource_MISC"], "url": "https://korelogic.com/Resources/Advisories/KL-001-2020-003.txt"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/158254/Cellebrite-EPR-Decryption-Hardcoded-AES-Key-Material.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14474", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of the software, and does not appear to be changed with each new build. It is possible to reconstruct the decryption process using the hardcoded key material and obtain easy access to otherwise protected data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://seclists.org/fulldisclosure/2020/Jun/31", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2020/Jun/31"}, {"name": "https://korelogic.com/Resources/Advisories/KL-001-2020-003.txt", "refsource": "MISC", "url": "https://korelogic.com/Resources/Advisories/KL-001-2020-003.txt"}, {"name": "http://packetstormsecurity.com/files/158254/Cellebrite-EPR-Decryption-Hardcoded-AES-Key-Material.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/158254/Cellebrite-EPR-Decryption-Hardcoded-AES-Key-Material.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14474", "datePublished": "2020-06-30T18:03:50", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2020-06-30T19:06:06", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cellebrite:ufed_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACF4CF22-C1AC-4F58-A9D2-969AD080C29D", "versionEndIncluding": "7.5.0.845", "versionStartIncluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cellebrite:ufed:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AA835CD-4CD7-4CCF-8206-420F2B9E179B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of the software, and does not appear to be changed with each new build. It is possible to reconstruct the decryption process using the hardcoded key material and obtain easy access to otherwise protected data."}, {"lang": "es", "value": "El dispositivo f\u00edsico Cellebrite UFED versiones 5.0 h??asta 7.5.0.845, se basa en material de clave embebido tanto dentro del c\u00f3digo ejecutable que admite el proceso de descifrado como dentro de los archivos cifrados mediante el uso de una t\u00e9cnica de envoltura de clave. El material de clave recuperado es el mismo para todos los dispositivos que ejecutan la misma versi\u00f3n del software, y no parece ser cambiado con cada nueva compilaci\u00f3n. Es posible reconstruir el proceso de descifrado mediante el uso de material de clave embebido y obtener un f\u00e1cil acceso a los datos protegidos de otra manera"}], "id": "CVE-2020-14474", "lastModified": "2020-07-10T14:26:37.413", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-30T19:15:11.397", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/158254/Cellebrite-EPR-Decryption-Hardcoded-AES-Key-Material.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Jun/31"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://korelogic.com/Resources/Advisories/KL-001-2020-003.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}