5.9
CVE-2020-20949
- EPSS 0.28%
- Published 20.01.2021 16:15:14
- Last modified 21.11.2024 05:12:19
- Source cve@mitre.org
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.
Data is provided by the National Vulnerability Database (NVD)
St ≫ Stm32cubef0 Version-
St ≫ Stm32cubef1 Version-
St ≫ Stm32cubef2 Version-
St ≫ Stm32cubef3 Version-
St ≫ Stm32cubef4 Version-
St ≫ Stm32cubef7 Version-
St ≫ Stm32cubeg0 Version-
St ≫ Stm32cubeg4 Version-
St ≫ Stm32cubeh7 Version-
St ≫ Stm32cubeide Version-
St ≫ Stm32cubel0 Version-
St ≫ Stm32cubel1 Version-
St ≫ Stm32cubel4 Version-
St ≫ Stm32cubel4+ Version-
St ≫ Stm32cubel5 Version-
St ≫ Stm32cubemonitor Version-
St ≫ Stm32cubemp1 Version-
St ≫ Stm32cubemx Version-
St ≫ Stm32cubeprogrammer Version-
St ≫ Stm32cubewb Version-
St ≫ Stm32cubewl Version-
Ietf ≫ Public Key Cryptography Standards #1 Version 1.5
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.28% | 0.484 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 5.9 | 2.2 | 3.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:P/I:N/A:N |
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.