Vulnerability CVE-2020-10759

Vulnerability Name:

CVE-2020-10759

Assigned:

2020-06-05

Published:

2020-06-05

Updated:

2023-02-12

Summary:

A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.

CVSS v3 Severity:

6.0 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

6.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

5.7 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

CVSS v2 Severity:

3.3 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

3.3 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-347

References:

Source: MITRE
Type: CNA
CVE-2020-10759

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Exploit, Third Party Advisory
secalert@redhat.com

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Denotes that component is vulnerable

Vulnerability Name:

CVE-2020-10759 (CCN-183847)

Assigned:

2020-06-05

Published:

2020-06-05

Updated:

2020-09-22

Summary:

CVSS v3 Severity:

6.0 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

5.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N)
5.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

5.7 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N)
5.0 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

CVSS v2 Severity:

3.3 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

5.5 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): None

Vulnerability Type:

CWE-347

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2020-10759

Source: CCN
Type: Red Hat Bugzilla Bug 1844316
(CVE-2020-10759) - CVE-2020-10759 fwupd: Possible bypass in signature verification

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1844316

Source: XF
Type: UNKNOWN
fwupd-cve202010759-sec-bypass(183847)

Source: CCN
Type: fwupd GIT Repository
Validate that gpgme_op_verify_result() returned at least one signature

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:202010759	V	CVE-2020-10759	2023-06-22
oval:org.opensuse.security:def:7888	P	fwupd-1.8.6-150500.2.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7889	P	fwupdtpmevlog-1.5.8-150300.3.7.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3682	P	Security update for webkit2gtk3 (Important)	2022-07-22
oval:org.opensuse.security:def:3271	P	libudisks2-0-2.1.3-3.5.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3694	P	libusbmuxd4-1.0.10-2.3 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3028	P	busybox-1.21.1-3.3 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3042	P	ctags-5.8-7.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3044	P	cups-filters-1.0.58-19.5.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3034	P	colord-gtk-lang-0.1.26-6.3 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3004	P	accountsservice-0.6.42-16.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95190	P	gimp-2.10.30-150400.1.10 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2963	P	krb5-1.19.2-150400.1.9 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94901	P	fwupd-1.7.3-150400.2.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2995	P	libblkid-devel-2.37.2-150400.6.26 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2957	P	java-17-openjdk-17.0.3.0-150400.1.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2975	P	libXcursor-devel-1.1.15-1.18 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94763	P	openvpn-2.5.5-150400.1.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2953	P	ipsec-tools-0.8.2-5.35 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2989	P	libXvMC-devel-1.0.10-1.23 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:1656	P	Security update for mozilla-nss (Important)	2022-04-11
oval:org.opensuse.security:def:100724	P	(Moderate)	2022-03-30
oval:org.opensuse.security:def:1540	P	Security update for libreoffice (Moderate)	2022-03-17
oval:org.opensuse.security:def:1184	P	Security update for log4j12 (Important)	2022-01-28
oval:org.opensuse.security:def:112149	P	dfu-tool-1.5.8-1.5 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:112471	P	jcat-tool-0.1.3-1.8 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105685	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:64591	P	Security update for the Linux Kernel (Important)	2021-10-15
oval:org.opensuse.security:def:105968	P	jcat-tool-0.1.3-1.8 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:65594	P	Security update for hivex (Moderate)	2021-09-23
oval:org.opensuse.security:def:2154	P	sysstat-isag-12.0.2-3.6.12 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:2134	P	libwsman-devel-2.6.7-3.3.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:2143	P	qemu-3.1.0-7.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:2132	P	libvirglrenderer0-0.6.0-2.30 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:2152	P	stunnel-5.44-1.29 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:2138	P	openslp-server-2.0.0-6.3.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:64751	P	Security update for libvirt (Moderate)	2021-08-23
oval:org.opensuse.security:def:63439	P	libsybdb5-1.1.36-3.3.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:71908	P	libksba-devel-1.3.5-2.14 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62745	P	fwupd-1.5.8-1.13 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71792	P	cracklib-2.9.7-11.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72464	P	fwupd-1.5.8-1.13 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101151	P	fwupd-1.5.8-1.13 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101476	P	Security update for qemu (Important)	2021-07-21
oval:org.opensuse.security:def:101903	P	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) (Important)	2021-07-16
oval:org.opensuse.security:def:68555	P	Security update for postgresql13 (Moderate)	2021-07-11
oval:org.opensuse.security:def:48649	P	xdg-utils-20140630-5.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48650	P	xfsprogs-4.3.0-8.8 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48791	P	libjavascriptcoregtk-1_0-0-2.4.11-23.20 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48666	P	cyrus-sasl-digestmd5-32bit-2.1.26-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:64693	P	Security update for hivex (Moderate)	2021-05-26
oval:org.opensuse.security:def:64483	P	Security update for webkit2gtk3 (Important)	2021-04-29
oval:org.opensuse.security:def:64484	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:65208	P	Security update for ImageMagick (Moderate)	2021-04-20
oval:org.opensuse.security:def:111308	P	Security update for fwupd (Important)	2021-04-09
oval:org.opensuse.security:def:74275	P	Security update for fwupd (Important)	2021-04-08
oval:org.opensuse.security:def:108569	P	Security update for fwupd (Important)	2021-04-08
oval:org.opensuse.security:def:5642	P	Security update for fwupd (Important)	2021-04-08
oval:org.opensuse.security:def:65207	P	Security update for fwupd (Important)	2021-04-08
oval:org.opensuse.security:def:75799	P	Security update for fwupd (Important)	2021-04-08
oval:org.opensuse.security:def:66731	P	Security update for fwupd (Important)	2021-04-08
oval:org.opensuse.security:def:108142	P	Security update for fwupd (Important)	2021-04-08
oval:org.opensuse.security:def:4118	P	Security update for fwupd (Important)	2021-04-08
oval:org.opensuse.security:def:117656	P	Security update for fwupd (Important)	2021-04-08
oval:org.opensuse.security:def:96831	P	Security update for fwupd (Important)	2021-04-08
oval:org.opensuse.security:def:94011	P	(Important)	2021-03-24
oval:org.opensuse.security:def:69942	P	Security update for java-11-openjdk (Important)	2021-02-09
oval:org.opensuse.security:def:66691	P	Security update for clamav-database (Important)	2020-12-07
oval:org.opensuse.security:def:2187	P	libmariadb-devel-3.1.8-3.18.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62943	P	crash-7.2.8-16.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2189	P	libosinfo-devel-1.7.1-1.52 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72294	P	libplist++-devel-2.0.0-1.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2182	P	libct4-1.1.36-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62936	P	bouncycastle-1.64-1.63 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63642	P	pidgin-plugin-otr-4.0.2-1.61 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72348	P	fwupd-1.2.11-3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107390	P	fwupd-1.2.11-3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2160	P	apache2-devel-2.4.43-1.15 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63146	P	davfs2-1.5.4-1.4 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116948	P	fwupd-1.2.11-3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62940	P	cargo-1.36.0-7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72178	P	libnm-gtk-devel-1.8.10-3.39 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:48989	P	gimp-2.8.18-9.3.26 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62629	P	fwupd-1.2.11-3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62968	P	ocaml-4.05.0-13.5 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2177	P	gtk-vnc-devel-1.0.0-2.35 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2827	P	Security update for libvpx (Moderate)	2020-12-02
oval:org.opensuse.security:def:2837	P	Security update for fwupd (Important)	2020-12-02
oval:org.opensuse.security:def:49489	P	sane-backends on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:65118	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:49378	P	buildah on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73264	P	mutt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49821	P	bsh2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50550	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:68838	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:49571	P	libplist++-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64018	P	Security update for postgresql10 (Low)	2020-12-01
oval:org.opensuse.security:def:74805	P	Security update for nagios (Moderate)	2020-12-01
oval:org.opensuse.security:def:49130	P	ldb-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49861	P	perl-doc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:65504	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:50222	P	dia on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:68941	P	Security update for fwupd (Important)	2020-12-01
oval:org.opensuse.security:def:49830	P	dom4j on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49625	P	fwupd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49609	P	NetworkManager on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51210	P	Security update for ppp (Important)	2020-12-01
oval:org.opensuse.security:def:49470	P	libthai-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49967	P	memcached on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50716	P	Security update for postgresql (Moderate)	2020-12-01
oval:org.opensuse.security:def:49765	P	zlib-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73382	P	fwupd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66599	P	powerpc-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49471	P	libtiff5-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64347	P	liblua5_3-5-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49224	P	libpython3_6m1_0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49934	P	389-ds on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:70047	P	fwupd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50685	P	Security update for zziplib (Moderate)	2020-12-01
oval:org.opensuse.security:def:51272	P	Security update for fwupd (Important)	2020-12-01
oval:org.opensuse.security:def:49616	P	cups-pk-helper on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:74938	P	Security update for fwupd (Important)	2020-12-01
oval:org.opensuse.security:def:50460	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:52065	P	Security update for php7 (Moderate)	2020-12-01
oval:org.opensuse.security:def:63789	P	Security update for dovecot22 (Important)	2020-12-01
oval:org.opensuse.security:def:64863	P	Security update for wavpack (Low)	2020-12-01
oval:org.opensuse.security:def:50620	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:49698	P	libtag-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:68452	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:50065	P	libapr-util1-dbd-mysql on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50789	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:52127	P	Security update for fwupd (Important)	2020-12-01
oval:com.redhat.rhsa:def:20204436	P	RHSA-2020:4436: gnome-software and fwupd security, bug fix, and enhancement update (Low)	2020-11-04
oval:org.opensuse.security:def:110600	P	Security update for fwupd (Important)	2020-06-22
oval:org.opensuse.security:def:104615	P	Security update for fwupd (Important)	2020-06-19
oval:org.opensuse.security:def:90960	P	Security update for fwupd (Important)	2020-06-19
oval:org.opensuse.security:def:75321	P	Security update for fwupd (Important)	2020-06-19
oval:org.opensuse.security:def:97521	P	Security update for fwupd (Important)	2020-06-19
oval:org.opensuse.security:def:97925	P	Security update for fwupd (Important)	2020-06-19
oval:org.opensuse.security:def:104211	P	Security update for fwupd (Important)	2020-06-19
oval:org.opensuse.security:def:90556	P	Security update for fwupd (Important)	2020-06-19

BACK