Lucene search

[email protected]CVE-2020-20949

HistoryJan 20, 2021 - 4:15 p.m.

CVE-2020-20949

2021-01-2016:15:14

CWE-327

[email protected]

web.nvd.nist.gov

cve-2020-20949

bleichenbacher's attack

pkcs #1 v1.5 padding

rsa

stm32

cryptographic firmware

library

software expansion

um1924

vulnerability

remote information disclosure

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.8%

JSON

Bleichenbacher’s attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher’s oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.

Affected configurations

NVD

Node

ststm32cubef0Match-

ststm32cubef1Match-

ststm32cubef2Match-

ststm32cubef3Match-

ststm32cubef4Match-

ststm32cubef7Match-

ststm32cubeg0Match-

ststm32cubeg4Match-

ststm32cubeh7Match-

ststm32cubeideMatch-

ststm32cubel0Match-

ststm32cubel1Match-

ststm32cubel4Match-

ststm32cubel4\+Match-

ststm32cubel5Match-

ststm32cubemonitorMatch-

ststm32cubemp1Match-

ststm32cubemxMatch-

ststm32cubeprogrammerMatch-

ststm32cubewbMatch-

ststm32cubewlMatch-

Node

ietfpublic_key_cryptography_standards_\#1Match1.5

CPENameOperatorVersion
st:stm32cubef0st stm32cubef0eq-
st:stm32cubef1st stm32cubef1eq-
st:stm32cubef2st stm32cubef2eq-
st:stm32cubef3st stm32cubef3eq-
st:stm32cubef4st stm32cubef4eq-
st:stm32cubef7st stm32cubef7eq-
st:stm32cubeg0st stm32cubeg0eq-
st:stm32cubeg4st stm32cubeg4eq-
st:stm32cubeh7st stm32cubeh7eq-
st:stm32cubeidest stm32cubeideeq-

CPE	Name	Operator	Version
st:stm32cubef0	st stm32cubef0	eq	-
st:stm32cubef1	st stm32cubef1	eq	-
st:stm32cubef2	st stm32cubef2	eq	-
st:stm32cubef3	st stm32cubef3	eq	-
st:stm32cubef4	st stm32cubef4	eq	-
st:stm32cubef7	st stm32cubef7	eq	-
st:stm32cubeg0	st stm32cubeg0	eq	-
st:stm32cubeg4	st stm32cubeg4	eq	-
st:stm32cubeh7	st stm32cubeh7	eq	-
st:stm32cubeide	st stm32cubeide	eq	-

Rows per page:

1-10 of 211

References

archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf

st.com

x-cube-cryptolib.com

bi-zone.medium.com/silence-will-fall-or-how-it-can-take-2-years-to-get-your-vuln-registered-e6134846f5bb

www.st.com/en/embedded-software/x-cube-cryptolib.html

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.8%

JSON

Related for CVE-2020-20949

prion1 nvd1 cvelist1