Lucene search

MitreCVE-2020-20950

HistoryJan 19, 2021 - 1:15 p.m.

CVE-2020-20950

2021-01-1913:15:11

CWE-327

mitre

web.nvd.nist.gov

cve-2020-20950

bleichenbacher's attack

pkcs #1 v1.5

rsa

microchip

vulnerability

remote information disclosure

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.003

Percentile

71.7%

JSON

Bleichenbacher’s attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher’s oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.

Affected configurations

Nvd

Node

ietfpublic_key_cryptography_standards_\#1Match1.5

Node

microchipmicrochip_libraries_for_applicationsRange≤2018-11-26

AND

applemacosMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

VendorProductVersionCPE
ietfpublic_key_cryptography_standards_\#11.5cpe:2.3:a:ietf:public_key_cryptography_standards_\#1:1.5:*:*:*:*:*:*:*
microchipmicrochip_libraries_for_applications*cpe:2.3:a:microchip:microchip_libraries_for_applications:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ietf	public_key_cryptography_standards_\#1	1.5	cpe:2.3:a:ietf:public_key_cryptography_standards_\#1:1.5:::::::*
microchip	microchip_libraries_for_applications	*	cpe:2.3:a:microchip:microchip_libraries_for_applications::::::::
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

References

archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf

microchip.com

bi-zone.medium.com/silence-will-fall-or-how-it-can-take-2-years-to-get-your-vuln-registered-e6134846f5bb

www.microchip.com/mplab/microchip-libraries-for-applications

Social References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.003

Percentile

71.7%

JSON

Related for CVE-2020-20950