nvd-json-data-feeds/CVE-2018/CVE-2018-10002xx/CVE-2018-1000205.json

{
  "id": "CVE-2018-1000205",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2018-06-26T16:29:00.307",
  "lastModified": "2020-10-22T14:01:31.357",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality."
    },
    {
      "lang": "es",
      "value": "U-Boot contiene una vulnerabilidad CWE-20: validaci\u00f3n de entradas incorrecta en la validaci\u00f3n de firma de arranque verificada que puede resultar en un arranque con la verificaci\u00f3n omitida. Este ataque parece ser explotable mediante una imagen FIT especialmente manipulada y una funcionalidad especial de la memoria del dispositivo."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.3
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:denx:u-boot:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "2018.07",
              "matchCriteriaId": "F35CB70F-CD3F-4E4B-A967-40D090F9E070"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://lists.denx.de/pipermail/u-boot/2018-June/330454.html",
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://lists.denx.de/pipermail/u-boot/2018-June/330898.html",
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Mailing List",
        "Vendor Advisory"
      ]
    }
  ]
}