CVE-2020-25860

{"id": "CVE-2020-25860", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}]}, "published": "2020-12-21T18:15:15.227", "references": [{"url": "https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv", "tags": ["Exploit", "Third Party Advisory"], "source": "vuln@vdoo.com"}, {"url": "https://www.vdoo.com/blog/cve-2020-25860-significant-vulnerability-discovered-rauc-embedded-firmware-update-framework", "tags": ["Exploit", "Third Party Advisory"], "source": "vuln@vdoo.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-367"}]}, {"type": "Secondary", "source": "vuln@vdoo.com", "description": [{"lang": "en", "value": "CWE-367"}]}], "descriptions": [{"lang": "en", "value": "The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device."}, {"lang": "es", "value": "El m\u00f3dulo install.c en el cliente de actualizaci\u00f3n de Pengutronix RAUC versiones anteriores a 1.5, presenta una vulnerabilidad Time-of-Check Time-of-Use, donde la verificaci\u00f3n de la firma en un archivo de actualizaci\u00f3n toma lugar antes de que el archivo reabierto para la instalaci\u00f3n. Un atacante que pueda modificar el archivo de actualizaci\u00f3n justo antes de que se vuelva a abrir puede instalar c\u00f3digo arbitrario en el dispositivo"}], "lastModified": "2020-12-29T14:36:59.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pengutronix:rauc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43D4968A-EE56-46FC-8E96-497D5B385F1F", "versionEndExcluding": "1.5"}], "operator": "OR"}]}], "sourceIdentifier": "vuln@vdoo.com"}