Published: 30/06/2020 Updated: 10/07/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The Cellebrite UFED physical device 5.0 up to and including 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of the software, and does not appear to be changed with each new build. It is possible to reconstruct the decryption process using the hardcoded key material and obtain easy access to otherwise protected data.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cellebrite ufed_firmware

The Cellebrite UFED Physical device relies on key material hardcoded within both the executable code supporting the decryption process and within the encrypted files themselves by using a key enveloping technique The recovered key material is the same for every device running the same version of the software and does not appear to be changed with ...

Full Disclosure mailing list archives   By Date By Thread </form>    KL-001-2020-003 : Cellebrite EPR Decryption Relies on Hardcoded AES Key Material  <!--X-Hea ...

CWE-798 https://korelogic.com/Resources/Advisories/KL-001-2020-003.txt http://seclists.org/fulldisclosure/2020/Jun/31 http://packetstormsecurity.com/files/158254/Cellebrite-EPR-Decryption-Hardcoded-AES-Key-Material.html https://nvd.nist.gov https://packetstormsecurity.com/files/158254/Cellebrite-EPR-Decryption-Hardcoded-AES-Key-Material.html

CVE-2020-14474

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect