← voltar
CVE-2020-10759

CVE-2020-10759

EPSS 0.5%CWE-347
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
15 set 2020Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.
Produtos afetados
n/a · fwupd

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://bugzilla.redhat.com/show_bug.cgi?id=1844316https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md