CVE-2020-11933

EPSS 0.03%
Veröffentlicht 29.07.2020 17:15:12
Zuletzt bearbeitet 21.11.2024 04:58:56
Quelle security@ubuntu.com
Teams Watchlist Login
Unerledigt Login

cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539 and core version 2.45.2, revision 9659.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Canonical ≫ Snapd Version < 2.45.2

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version19.10

Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.058

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
security@ubuntu.com	7.3	0.9	5.8	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

https://launchpad.net/bugs/1879530

Third Party Advisory

https://ubuntu.com/USN-4424-1

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-11933

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11933

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11933

EUVD