10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
65.5%
DESCRIPTION
Possibly exploitable vulnerability was found in Unified Config Interface (UCI) library named libuci, specifically in uci_import() C API function.
CVE-2020-28951 has been assigned to this issue.
*[API]: Application Programming Interface
REQUIREMENTS
In order to exploit this vulnerability a malicious attacker would need to provide specially crafted config file to uci_import() C API function. For example, this is possible with UCI CLI by following shell command:
uci import -f malicious.config
*[API]: Application Programming Interface
MITIGATIONS
To fix this issue, update the affected libuci package using the command below.
opkg update; opkg upgrade libuci
The fix is contained in the following and later versions:
OpenWrt 19.07: 19.07.5 (fixed by v19.07.4-19-g78c4c04dd797)
OpenWrt 18.06: 18.06.9 (fixed by v18.06.8-83-g5625f5bc3695)
OpenWrt master: 2020-10-27 (fixed by reboot-14782-g095cc2b7454a)
AFFECTED VERSIONS
To our knowledge, OpenWrt versions 18.06.0 to 18.06.8 and versions 19.07.0 to 19.07.4 are affected. The fixed packages will be integrated in the upcoming OpenWrt 18.06.9 and OpenWrt 19.07.5 releases. Older versions of OpenWrt (e.g. OpenWrt 15.05 and LEDE 17.01) are end of life and not supported any more.
CREDITS
This issue was identified by Jeremy Galindo, fixed by Petr Ε tetiar and Hauke Mehrtens.
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
65.5%