CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10059 – UpdateHub Module Explicitly Disables TLS Verification
https://notcve.org/view.php?id=CVE-2020-10059
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. El módulo UpdateHub deshabilita la comprobación del peer DTLS, lo que permite un ataque de tipo man in the middle. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059 https://github.com/zephyrproject-rtos/zephyr/pull/24954 https://github.com/zephyrproject-rtos/zephyr/pull/24997 https://github.com/zephyrproject-rtos/zephyr/pull/24999 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36 • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10022 – UpdateHub Module Copies a Variable-Size Hash String Into a Fixed-Size Array
https://notcve.org/view.php?id=CVE-2020-10022
A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions. Una carga útil JSON malformada que es recibida desde un servidor UpdateHub puede desencadenar una corrupción de la memoria en el Sistema Operativo Zephyr. Esto podría resultar en una denegación de servicio en el mejor de los casos, o una ejecución de código en el peor de los casos. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022 https://github.com/zephyrproject-rtos/zephyr/pull/24065 https://github.com/zephyrproject-rtos/zephyr/pull/24066 https://github.com/zephyrproject-rtos/zephyr/pull/24154 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •