Lucene search

ZephyrCVELIST:CVE-2020-13599

HistoryMay 24, 2021 - 9:40 p.m.

CVE-2020-13599 Security problem with settings and littlefs

2021-05-2421:40:27

CWE-276

zephyr

www.cve.org

security problem

settings

littlefs

zephyr

versions

incorrect default permissions

cwe-276

advisory

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

Percentile

12.6%

JSON

Security problem with settings and littlefs. Zephyr versions >= 1.14.2, >= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q

CNA Affected

[
  {
    "product": "zephyr",
    "vendor": "zephyrproject-rtos",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "1.14.2",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2.3.0",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q

www.talosintelligence.com/vulnerability_reports/TALOS-2020-1199

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2020-13599