Lucene search

CVE-2020-10759

🗓️ 15 Sep 2020 19:12:15Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 231 Views

A PGP signature bypass flaw in fwupd (all versions) can lead to installing unsigned firmware

Reporter	Title	Published	Views	Family All 51
Tenable Nessus	Fedora 31 : fwupd (2020-ad1c74c2a1)	26 Jun 202000:00	–	nessus
Tenable Nessus	CentOS 8 : gnome-software and fwupd (CESA-2020:4436)	1 Feb 202100:00	–	nessus
Tenable Nessus	GLSA-202007-04 : fwupd, libjcat: Multiple vulnerabilities	27 Jul 202000:00	–	nessus
Tenable Nessus	Fedora 32 : libjcat (2020-eec60309f2)	17 Jun 202000:00	–	nessus
Tenable Nessus	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : fwupd vulnerability (USN-4395-1)	17 Jun 202000:00	–	nessus
Tenable Nessus	openSUSE Security Update : fwupd (openSUSE-2020-849)	20 Jul 202000:00	–	nessus
Tenable Nessus	AlmaLinux 8 : gnome-software and fwupd (ALSA-2020:4436)	9 Feb 202200:00	–	nessus
Tenable Nessus	RHEL 7 : fwupd (Unpatched Vulnerability)	11 May 202400:00	–	nessus
Tenable Nessus	RHEL 7 : fwupd (Unpatched Vulnerability)	3 Jun 202400:00	–	nessus
Tenable Nessus	Debian DLA-2274-1 : fwupd security update	10 Jul 202000:00	–	nessus

Nvd

Node

redhat enterprise_linuxMatch7.0

redhat enterprise_linuxMatch8.0

[
  {
    "product": "fwupd",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "all verions of fwupd"
      }
    ]
  }
]

Source	Link
github	www.github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

15 Sep 2020 19:15Current

5.8Medium risk

Vulners AI Score5.8

CVSS23.3

CVSS36

EPSS0.00042

CWE-347