CVE-2020-27208

Published at:
2021-05-21T12:15:07.663
Source: [email protected]

Global infos:

The flash read-out protection (RDP) level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface.

CVE Status: Modified

References:

  • [email protected]
  • [email protected]
  • [email protected]
  • [email protected]
  • [email protected]
  • [email protected]
  • af854a3a-2127-422b-91ae-364da2661108
  • af854a3a-2127-422b-91ae-364da2661108
  • af854a3a-2127-422b-91ae-364da2661108
  • af854a3a-2127-422b-91ae-364da2661108
  • af854a3a-2127-422b-91ae-364da2661108
  • af854a3a-2127-422b-91ae-364da2661108
    •

    Metrics:

    AttributeValue
    Attack ComplexityLOW
    Attack VectorPHYSICAL
    Availability ImpactHIGH
    Base Score6.8
    Base SeverityMEDIUM
    Confidentiality ImpactHIGH
    Integrity ImpactHIGH
    Privileges RequiredNONE
    ScopeUNCHANGED
    User InteractionNONE
    Vector StringCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Exploitability Score0.9
    Impact Score5.9
    Source[email protected]
    TypePrimary

    Links:

    Exploit-db
    Github

    Most recherched CVEs
    Popular Keywords