CVE-2020-25860 (GCVE-0-2020-25860)

Vulnerability from cvelistv5 – Published: 2020-12-21 17:23 – Updated: 2024-08-04 15:49
VLAI?
Summary
The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device.
Severity ?
No CVSS data available.
CWE
  • CWE-367 - Time-of-Check Time-of-Use (CWE-367)
Assigner
References
Impacted products
Vendor Product Version
n/a Pengutronix RAUC Affected: All versions before 1.5
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:49:05.940Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vdoo.com/blog/cve-2020-25860-significant-vulnerability-discovered-rauc-embedded-firmware-update-framework"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pengutronix RAUC",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All versions before 1.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "Time-of-Check Time-of-Use (CWE-367)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-21T17:23:27",
        "orgId": "6b4ace4a-d6e0-415b-9ce8-aa20e97e4b24",
        "shortName": "VDOO"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vdoo.com/blog/cve-2020-25860-significant-vulnerability-discovered-rauc-embedded-firmware-update-framework"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vuln@vdoo.com",
          "ID": "CVE-2020-25860",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pengutronix RAUC",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions before 1.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Time-of-Check Time-of-Use (CWE-367)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv",
              "refsource": "MISC",
              "url": "https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv"
            },
            {
              "name": "https://www.vdoo.com/blog/cve-2020-25860-significant-vulnerability-discovered-rauc-embedded-firmware-update-framework",
              "refsource": "MISC",
              "url": "https://www.vdoo.com/blog/cve-2020-25860-significant-vulnerability-discovered-rauc-embedded-firmware-update-framework"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6b4ace4a-d6e0-415b-9ce8-aa20e97e4b24",
    "assignerShortName": "VDOO",
    "cveId": "CVE-2020-25860",
    "datePublished": "2020-12-21T17:23:27",
    "dateReserved": "2020-09-23T00:00:00",
    "dateUpdated": "2024-08-04T15:49:05.940Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pengutronix:rauc:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.5\", \"matchCriteriaId\": \"43D4968A-EE56-46FC-8E96-497D5B385F1F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device.\"}, {\"lang\": \"es\", \"value\": \"El m\\u00f3dulo install.c en el cliente de actualizaci\\u00f3n de Pengutronix RAUC versiones anteriores a 1.5, presenta una vulnerabilidad Time-of-Check Time-of-Use, donde la verificaci\\u00f3n de la firma en un archivo de actualizaci\\u00f3n toma lugar antes de que el archivo reabierto para la instalaci\\u00f3n.\u0026#xa0;Un atacante que pueda modificar el archivo de actualizaci\\u00f3n justo antes de que se vuelva a abrir puede instalar c\\u00f3digo arbitrario en el dispositivo\"}]",
      "id": "CVE-2020-25860",
      "lastModified": "2024-11-21T05:18:55.440",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.6, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.7, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:S/C:C/I:C/A:C\", \"baseScore\": 7.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-12-21T18:15:15.227",
      "references": "[{\"url\": \"https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv\", \"source\": \"vuln@vdoo.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.vdoo.com/blog/cve-2020-25860-significant-vulnerability-discovered-rauc-embedded-firmware-update-framework\", \"source\": \"vuln@vdoo.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.vdoo.com/blog/cve-2020-25860-significant-vulnerability-discovered-rauc-embedded-firmware-update-framework\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "vuln@vdoo.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"vuln@vdoo.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-367\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-367\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-25860\",\"sourceIdentifier\":\"vuln@vdoo.com\",\"published\":\"2020-12-21T18:15:15.227\",\"lastModified\":\"2024-11-21T05:18:55.440\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device.\"},{\"lang\":\"es\",\"value\":\"El m\u00f3dulo install.c en el cliente de actualizaci\u00f3n de Pengutronix RAUC versiones anteriores a 1.5, presenta una vulnerabilidad Time-of-Check Time-of-Use, donde la verificaci\u00f3n de la firma en un archivo de actualizaci\u00f3n toma lugar antes de que el archivo reabierto para la instalaci\u00f3n.\u0026#xa0;Un atacante que pueda modificar el archivo de actualizaci\u00f3n justo antes de que se vuelva a abrir puede instalar c\u00f3digo arbitrario en el dispositivo\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.7,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:S/C:C/I:C/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"vuln@vdoo.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-367\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-367\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pengutronix:rauc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.5\",\"matchCriteriaId\":\"43D4968A-EE56-46FC-8E96-497D5B385F1F\"}]}]}],\"references\":[{\"url\":\"https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv\",\"source\":\"vuln@vdoo.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.vdoo.com/blog/cve-2020-25860-significant-vulnerability-discovered-rauc-embedded-firmware-update-framework\",\"source\":\"vuln@vdoo.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.vdoo.com/blog/cve-2020-25860-significant-vulnerability-discovered-rauc-embedded-firmware-update-framework\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.