7.5

CVE-2020-14474

Exploit

EPSS 1.45%
Veröffentlicht 30.06.2020 19:15:11
Zuletzt bearbeitet 21.11.2024 05:03:20
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of the software, and does not appear to be changed with each new build. It is possible to reconstruct the decryption process using the hardcoded key material and obtain easy access to otherwise protected data.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cellebrite ≫ Ufed Firmware Version >= 5.0 <= 7.5.0.845

Cellebrite ≫ Ufed Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.45%	0.801

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

http://packetstormsecurity.com/files/158254/Cellebrite-EPR-Decryption-Hardcoded-AES-Key-Material.html

Third Party Advisory

Exploit

VDB Entry

http://seclists.org/fulldisclosure/2020/Jun/31

Third Party Advisory

Exploit

Mailing List

https://korelogic.com/Resources/Advisories/KL-001-2020-003.txt

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-14474

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-14474

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-14474

EUVD