EUVD-2020-6611

Malware in sbrugna...

EUVD-2020-5081

Malware in sbrugna...

CVE-2020-12798

Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen...

CVE-2020-11723

Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto target devices when performing a forensic extraction...

Cellebrite UFED Trust Management Issues Vulnerability (CNVD-2020-51755)

Cellebrite UFED is a universal forensic product from Cellebrite Israel. The product is mainly used for data extraction, transmission and analysis of devices. A security vulnerability exists in Cellebrite UFED versions 5.0 through 7.5.0.845. An attacker could exploit the vulnerability to access...

CVE-2020-14474

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...

Hardcoded credentials

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...

CVE-2020-14474

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...

CVE-2020-14474

CVE-2020-14474 affects Cellebrite UFED 5.0–7.5.0.845. The vulnerability arises from hardcoded AES key material used for decryption, present both in executable code and in encrypted headers/files via a key enveloping technique. The recovered key material is identical across devices of the same sof...

Cellebrite EPR Decryption Hardcoded AES Key Material Vulnerability

The Cellebrite UFED Physical device relies on key material hardcoded within both the executable code supporting the decryption process and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of...

Cellebrite EPR Decryption Hardcoded AES Key Material

KL-001-2020-003 : Cellebrite EPR Decryption Relies on Hardcoded AES Key Material Title: Cellebrite EPR Decryption Relies on Hardcoded AES Key Material Advisory ID: KL-001-2020-003 Publication Date: 2020.06.29 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-003.txt 1...

Cellebrite EPR Decryption Relies on Hardcoded AES Key Material

Vulnerability Details Affected Vendor: Cellebrite Affected Product: UFED Affected Version: 5.0 - 7.5.0.845 Platform: Embedded Windows CWE Classification: CWE-321: Hardcoded Use of Cryptography Keys CVE ID: CVE-2020-14474 2. Vulnerability Description The Cellebrite UFED Physical device relies on...

CVE-2020-12798

Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen...

CVE-2020-12798

Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen...

Design/Logic Flaw

Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen...

CVE-2020-12798

CVE-2020-12798 affects Cellebrite UFED, versions 5.0–7.5.0.845, on embedded Windows. The flaw stems from local OS policy controls that can be bypassed to obtain a command prompt via the Windows file dialog reachable through the Certificate-Based Authentication option in the Wireless Network Conne...

CVE-2020-12798

Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen...

Cellebrite UFED 7.5.0.845 Desktop Escape / Privilege Escalation

KL-001-2020-002 : Cellebrite Restricted Desktop Escape and Escalation of User Privilege Title: Cellebrite Restricted Desktop Escape and Escalation of User Privilege Advisory ID: KL-001-2020-002 Publication Date: 2020.05.14 Publication URL:...

Cellebrite Restricted Desktop Escape and Escalation of User Privilege

Vulnerability Details Affected Vendor: Cellebrite Affected Product: UFED Affected Version: 5.0 - 7.5.0.845 Platform: Embedded Windows CWE Classification: CWE-269: Improper Privilege Management, CWE-20: Input Validation Error CVE ID: CVE-2020-12798 2. Vulnerability Description Cellebrite UFED...

Cellebrite UFED 7.5.0.845 Desktop Escape / Privilege Escalation Vulnerability

Cellebrite UFED device implements local operating system policies that can be circumvented to obtain a command prompt. From there privilege escalation is possible using public exploits. Versions 5.0 through 7.5.0.845 are affected. Title: Cellebrite Restricted Desktop Escape and Escalation of User...