Lucene search
K

4 matches found

NVD
NVD
added 2020/05/11 11:15 p.m.15 views

CVE-2020-10059

The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr versi...

5.8CVSS5.8AI score0.01181EPSS
Exploits0References5
Prion
Prion
added 2020/05/11 11:15 p.m.19 views

Code injection

The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr versi...

5.8CVSS5.6AI score0.01181EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2020/05/11 10:26 p.m.82 views

CVE-2020-10059

CVE-2020-10059 affects Zephyr Project RTOS (2.1.0 and later) via the UpdateHub module, which disables DTLS peer checking. This enables a man-in-the-middle risk, mitigated by firmware signatures, with no shown exploit details in the documents. The issue sits with the UpdateHub component and is lin...

5.8CVSS5.8AI score0.01181EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2020/05/11 10:26 p.m.28 views

CVE-2020-10059 UpdateHub Module Explicitly Disables TLS Verification

The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr versi...

4.8CVSS6.2AI score0.01181EPSS
Exploits0References5
Rows per page
Query Builder