FKIE_CVE-2020-25860

Vulnerability from fkie_nvd - Published: 2020-12-21 18:15 - Updated: 2024-11-21 05:18
Severity ?
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device.
References
vuln@vdoo.comhttps://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vvExploit, Third Party Advisory
vuln@vdoo.comhttps://www.vdoo.com/blog/cve-2020-25860-significant-vulnerability-discovered-rauc-embedded-firmware-update-frameworkExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vvExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.vdoo.com/blog/cve-2020-25860-significant-vulnerability-discovered-rauc-embedded-firmware-update-frameworkExploit, Third Party Advisory
Impacted products
Vendor Product Version
pengutronix rauc *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pengutronix:rauc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43D4968A-EE56-46FC-8E96-497D5B385F1F",
              "versionEndExcluding": "1.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo install.c en el cliente de actualizaci\u00f3n de Pengutronix RAUC versiones anteriores a 1.5, presenta una vulnerabilidad Time-of-Check Time-of-Use, donde la verificaci\u00f3n de la firma en un archivo de actualizaci\u00f3n toma lugar antes de que el archivo reabierto para la instalaci\u00f3n.\u0026#xa0;Un atacante que pueda modificar el archivo de actualizaci\u00f3n justo antes de que se vuelva a abrir puede instalar c\u00f3digo arbitrario en el dispositivo"
    }
  ],
  "id": "CVE-2020-25860",
  "lastModified": "2024-11-21T05:18:55.440",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-21T18:15:15.227",
  "references": [
    {
      "source": "vuln@vdoo.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv"
    },
    {
      "source": "vuln@vdoo.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.vdoo.com/blog/cve-2020-25860-significant-vulnerability-discovered-rauc-embedded-firmware-update-framework"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.vdoo.com/blog/cve-2020-25860-significant-vulnerability-discovered-rauc-embedded-firmware-update-framework"
    }
  ],
  "sourceIdentifier": "vuln@vdoo.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-367"
        }
      ],
      "source": "vuln@vdoo.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-367"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.