Lucene search

K
redhatcveRedhat.comRH:CVE-2020-28407
HistoryMay 25, 2021 - 2:57 p.m.

CVE-2020-28407

2021-05-2514:57:02
redhat.com
access.redhat.com
35

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

A flaw was found in swtpm. This flaw allows an attacker to create a symbolic link with the name of the temporary file (TMP2-00.permall for TPM 2) and have this point to a valuable file, which will get overwritten by swtpm. The success of the attack depends on the attacker having access to the TPM’s state directory (–tpmstate dir). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%