// For flags

CVE-2020-15309

 

Severity Score

7
*CVSS v3.1

Exploit Likelihood

< 1%
*EPSS

Affected Versions

1
*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key).

Se detectó un problema en wolfSSL versiones anteriores a 4.5.0, cuando no se emplea precisión simple. Unos atacantes locales pueden conducir un ataque de sincronización de caché contra operaciones de clave pública. Es posible que estos atacantes ya hayan obtenido información confidencial si el sistema afectado ha sido usado para operaciones de clave privada (por ejemplo, firmar con una clave privada).

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-06-26 CVE Reserved
  • 2020-08-21 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (2)
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions (1)