Vulnerability CVE-2020-27208

Vulnerability Name:

CVE-2020-27208 (CCN-202238)

Assigned:

2020-10-19

Published:

2020-10-19

Updated:

2021-05-28

Summary:

The flash read-out protection (RDP) level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface.

CVSS v3 Severity:

6.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
6.0 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Physical Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L)
6.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): Low

CVSS v2 Severity:

4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.5 Medium (CCN CVSS v2 Vector: AV:A/AC:H/Au:N/C:C/I:C/A:P)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Partial

Vulnerability Type:

CWE-326

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2020-27208

Source: MISC
Type: Third Party Advisory
https://eprint.iacr.org/2021/640

Source: XF
Type: UNKNOWN
solokeys-cve202027208-sec-bypass(202238)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/solokeys/solo/commit/a9c02cd354f34b48195a342c7f524abdef5cbcec

Source: MISC
Type: Product
https://solokeys.com

Source: CCN
Type: SoloKeys Web site
Solo and Somu

Source: MISC
Type: Product
https://twitter.com/SoloKeysSec

Source: MISC
Type: Third Party Advisory
https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html

Source: CCN
Type: Fraunhofer Web page
Shedding too much Light on a Microcontroller's Firmware Protection

Source: MISC
Type: Exploit, Third Party Advisory
https://www.aisec.fraunhofer.de/en/FirmwareProtection.html

Source: CCN
Type: Nitrokey Web site
Nitrokey FIDO2

Vulnerable Configuration:

Configuration 1:

cpe:/o:solokeys:solo_firmware:4.0.0:*:*:*:*:*:*:*

AND

cpe:/h:solokeys:solo:-:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:solokeys:somu_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:solokeys:somu:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:nitrokey:fido2_firmware:-:*:*:*:*:*:*:*

AND

cpe:/h:nitrokey:fido2:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:110964	P	Security update for solo (Moderate)	2021-07-10
oval:org.opensuse.security:def:96407	P	Security update for solo (Moderate)	2021-07-10
oval:org.opensuse.security:def:111483	P	Security update for solo (Moderate)	2021-07-10
oval:org.opensuse.security:def:103097	P	Security update for solo (Moderate)	2021-07-10
oval:org.opensuse.security:def:109754	P	Security update for solo (Moderate)	2021-07-10
oval:org.opensuse.security:def:11097	P	Security update for solo (Moderate)	2021-07-10

BACK