4 matches found
CVE-2020-10059
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr versi...
Code injection
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr versi...
CVE-2020-10059
CVE-2020-10059 affects Zephyr Project RTOS (2.1.0 and later) via the UpdateHub module, which disables DTLS peer checking. This enables a man-in-the-middle risk, mitigated by firmware signatures, with no shown exploit details in the documents. The issue sits with the UpdateHub component and is lin...
CVE-2020-10059 UpdateHub Module Explicitly Disables TLS Verification
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr versi...