admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-280xx/CVE-2020-28045.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

106 lines
3.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-28045",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-11-02T21:15:31.557",
"lastModified": "2020-11-19T15:57:34.527",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA signature verified in the kernel prior to ELF execution. Shared libraries, however, do not need to be signed, and they are not verified. An attacker may execute a custom binary by compiling it as a shared object and loading it via LD_PRELOAD."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema de biblioteca sin firmar en ProlinOS versiones hasta 2.4.161.8859R. Este SO requiere que las aplicaciones instaladas y todos los archivos binarios del sistema est\u00e9n firmados por el fabricante o por el desarrollador y distribuidor de la aplicaci\u00f3n Point Of Sale. La firma es una firma RSA de 2048 bytes verificada en el kernel antes de la ejecuci\u00f3n de ELF. Sin embargo, las bibliotecas compartidas no requieren estar firmadas y no son verificadas. Un atacante puede ejecutar un binario personalizado compil\u00e1ndolo como un objeto compartido y carg\u00e1ndolo por medio de LD_PRELOAD"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2
},
"baseSeverity": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:pax:prolinos:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.4.161.8859r",
"matchCriteriaId": "57BF4F11-4865-4E32-ABB0-0E7F3033761F"
}
]
}
]
}
],
"references": [
{
"url": "https://git.lsd.cat/g/pax-pwn",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink