CVE-2020-15309
Severity Score
7.0
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key).
Se detectó un problema en wolfSSL versiones anteriores a 4.5.0, cuando no se emplea precisión simple. Unos atacantes locales pueden conducir un ataque de sincronización de caché contra operaciones de clave pública. Es posible que estos atacantes ya hayan obtenido información confidencial si el sistema afectado ha sido usado para operaciones de clave privada (por ejemplo, firmar con una clave privada).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-06-26 CVE Reserved
- 2020-08-21 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://arxiv.org/abs/2008.12188 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|