Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.8
CVSSv2

CVE-2020-10059

Published: 11/05/2020 Updated: 05/06/2020
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 4.8 | Impact Score: 2.5 | Exploitability Score: 2.2
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Subscribe to Zephyrproject

Vulnerability Summary

The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

zephyrproject zephyr 2.1.0

zephyrproject zephyr 2.2.0

References

CWE-295https://github.com/zephyrproject-rtos/zephyr/pull/24997https://github.com/zephyrproject-rtos/zephyr/pull/24954https://github.com/zephyrproject-rtos/zephyr/pull/24999https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook