BDU:2020-03625

Published: 30 Jul 2020
Source: fstec
CVSS3: 7.3
CVSS2: 4.6
EPSS: Low

Description

A vulnerability in the grub.cfg configuration file of the Grub2 operating system boot loader is caused by improper neutralization of special elements. Exploitation of the vulnerability may allow an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service.

Vendor

Microsoft Corp
Red Hat Inc.
Canonical Ltd.
Free software community
ООО «РусБИТех-Астра»
Novell Inc.
Erich Boleyn
ООО «Ред Софт»
ФССП России
ООО «Юбитех»
АО «Концерн ВНИИНС»
АО «НТЦ ИТ РОСА»

Software name

Windows 8.1
Windows Server 2012
Windows Server 2012 R2
Windows RT 8.1
Windows 10
Red Hat Enterprise Linux
Ubuntu
Windows 10 1607
Windows Server 2016
Windows Server 2012 R2 (Server Core installation)
Debian GNU/Linux
Windows 10 1709
Windows 10 1803
Windows 10 1809
Windows Server 2019 (Server Core installation)
Astra Linux Special Edition
SUSE Linux Enterprise Server for SAP Applications
SUSE OpenStack Cloud
Windows 10 1903
Windows Server 1903
SUSE Linux Enterprise Module for Basesystem
SUSE Enterprise Storage
SUSE Linux Enterprise Point of Sale
Suse Linux Enterprise Server
SUSE Linux Enterprise Module for Open Buildservice Development Tools
SUSE Linux Enterprise Module for Server Applications
HPE Helion Openstack
Windows 10 1909
Windows Server 1909 (Server Core Installation)
SUSE Linux Enterprise High Performance Computing
Windows 10 2004
Windows Server 2004 (Server Core Installation)
Grub2
РЕД ОС
ОС ТД АИС ФССП России
UBLinux
ОС ОН «Стрелец»
ROSA Virtualization 3.0

Software version

- (Windows 8.1)
- (Windows 8.1)
- (Windows Server 2012)
- (Windows Server 2012 R2)
- (Windows Server 2012)
- (Windows Server 2012 R2)
- (Windows RT 8.1)
- (Windows 10)
- (Windows 10)
7 (Red Hat Enterprise Linux)
16.04 LTS (Ubuntu)
- (Windows 10 1607)
- (Windows 10 1607)
- (Windows Server 2016)
7 (Red Hat Enterprise Linux)
16.04 LTS (Ubuntu)
- (Windows Server 2016)
- (Windows RT 8.1)
- (Windows Server 2012 R2 (Server Core installation))
9 (Debian GNU/Linux)
- (Windows 10 1709)
- (Windows 10 1709)
18.04 LTS (Ubuntu)
- (Windows 10 1803)
- (Windows 10 1803)
- (Windows 10 1809)
- (Windows 10 1809)
- (Windows Server 2019 (Server Core installation))
- (Windows 10 1809)
- (Windows 10 1709)
- (Windows 10 1803)
1.6 «Смоленск» (Astra Linux Special Edition)
12 SP2 (SUSE Linux Enterprise Server for SAP Applications)
12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications)
12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications)
12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications)
12 SP3 (SUSE Linux Enterprise Server for SAP Applications)
12 SP4 (SUSE Linux Enterprise Server for SAP Applications)
7 (SUSE OpenStack Cloud)
- (Windows 10 1903)
- (Windows 10 1903)
- (Windows 10 1903)
- (Windows Server 1903)
8 (Red Hat Enterprise Linux)
15 SP1 (SUSE Linux Enterprise Module for Basesystem)
5 (SUSE Enterprise Storage)
12 SP2-CLIENT (SUSE Linux Enterprise Point of Sale)
12 SP2-BCL (Suse Linux Enterprise Server)
12 SP2-ESPOS (Suse Linux Enterprise Server)
15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools)
15 (SUSE Linux Enterprise Server for SAP Applications)
11 SP4-LTSS (Suse Linux Enterprise Server)
12 SP2-LTSS (Suse Linux Enterprise Server)
11 SP4-LTSS (SUSE Linux Enterprise Server for SAP Applications)
12 SP3-LTSS (Suse Linux Enterprise Server)
15 SP1 (SUSE Linux Enterprise Module for Server Applications)
14.04 ESM (Ubuntu)
8 (SUSE OpenStack Cloud)
12 SP3-BCL (Suse Linux Enterprise Server)
12 SP5 (Suse Linux Enterprise Server)
12 SP3-BCL (SUSE Linux Enterprise Server for SAP Applications)
12 SP3-LTSS (SUSE Linux Enterprise Server for SAP Applications)
12 SP5 (SUSE Linux Enterprise Server for SAP Applications)
8 (Debian GNU/Linux)
Crowbar 8 (SUSE OpenStack Cloud)
10 (Debian GNU/Linux)
8 (HPE Helion Openstack)
12 SP3-ESPOS (Suse Linux Enterprise Server)
12 SP3-ESPOS (SUSE Linux Enterprise Server for SAP Applications)
- (Windows 10 1909)
- (Windows 10 1909)
- (Windows 10 1909)
- (Windows Server 1909 (Server Core Installation))
9 (SUSE OpenStack Cloud)
15-ESPOS (SUSE Linux Enterprise High Performance Computing)
15-LTSS (SUSE Linux Enterprise High Performance Computing)
15-LTSS (Suse Linux Enterprise Server)
Crowbar 9 (SUSE OpenStack Cloud)
8.0 Update Services for SAP Solutions (Red Hat Enterprise Linux)
15 SP2 (SUSE Linux Enterprise Module for Basesystem)
20.04 LTS (Ubuntu)
15 SP2 (SUSE Linux Enterprise Module for Open Buildservice Development Tools)
15 SP2 (SUSE Linux Enterprise Module for Server Applications)
- (Windows 10 2004)
- (Windows 10 2004)
- (Windows 10 2004)
- (Windows Server 2004 (Server Core Installation))
8.1 Extended Update Support (Red Hat Enterprise Linux)
12 SP4 LTSS (Suse Linux Enterprise Server)
12 SP4-ESPOS (Suse Linux Enterprise Server)
12 SP4-LTSS (SUSE Linux Enterprise Server for SAP Applications)
12 SP4-ESPOS (SUSE Linux Enterprise Server for SAP Applications)
prior to 2.06 (Grub2)
7.3 (РЕД ОС)
ИК6 (ОС ТД АИС ФССП России)
prior to 2204 (UBLinux)
prior to 16.01.2023 (ОС ОН «Стрелец»)
3.0 (ROSA Virtualization 3.0)

Software type

Operating system
Application software for information systems

Operating systems and hardware platforms

Microsoft Corp Windows 8.1 -
Microsoft Corp Windows 8.1 -
Microsoft Corp Windows Server 2012 -
Microsoft Corp Windows Server 2012 R2 -
Microsoft Corp Windows Server 2012 -
Microsoft Corp Windows Server 2012 R2 -
Microsoft Corp Windows RT 8.1 -
Microsoft Corp Windows 10 -
Microsoft Corp Windows 10 -
Red Hat Inc. Red Hat Enterprise Linux 7
Canonical Ltd. Ubuntu 16.04 LTS
Microsoft Corp Windows 10 1607 -
Microsoft Corp Windows 10 1607 -
Microsoft Corp Windows Server 2016 -
Red Hat Inc. Red Hat Enterprise Linux 7
Canonical Ltd. Ubuntu 16.04 LTS
Microsoft Corp Windows Server 2016 -
Microsoft Corp Windows RT 8.1 -
Microsoft Corp Windows Server 2012 R2 (Server Core installation) -
Free software community Debian GNU/Linux 9
Microsoft Corp Windows 10 1709 -
Microsoft Corp Windows 10 1709 -
Canonical Ltd. Ubuntu 18.04 LTS
Microsoft Corp Windows 10 1803 -
Microsoft Corp Windows 10 1803 -
Microsoft Corp Windows 10 1809 -
Microsoft Corp Windows 10 1809 -
Microsoft Corp Windows Server 2019 (Server Core installation) -
Microsoft Corp Windows 10 1809 -
Microsoft Corp Windows 10 1709 -
Microsoft Corp Windows 10 1803 -
ООО «РусБИТех-Астра» Astra Linux Special Edition 1.6 «Смоленск»
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-BCL
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-ESPOS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-LTSS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4
Microsoft Corp Windows 10 1903 -
Microsoft Corp Windows 10 1903 -
Microsoft Corp Windows 10 1903 -
Microsoft Corp Windows Server 1903 -
Red Hat Inc. Red Hat Enterprise Linux 8
Novell Inc. Suse Linux Enterprise Server 12 SP2-BCL
Novell Inc. Suse Linux Enterprise Server 12 SP2-ESPOS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15
Novell Inc. Suse Linux Enterprise Server 11 SP4-LTSS
Novell Inc. Suse Linux Enterprise Server 12 SP2-LTSS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS
Novell Inc. Suse Linux Enterprise Server 12 SP3-LTSS
Canonical Ltd. Ubuntu 14.04 ESM
Novell Inc. Suse Linux Enterprise Server 12 SP3-BCL
Novell Inc. Suse Linux Enterprise Server 12 SP5
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3-BCL
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3-LTSS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5
Free software community Debian GNU/Linux 8
Free software community Debian GNU/Linux 10
Novell Inc. Suse Linux Enterprise Server 12 SP3-ESPOS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3-ESPOS
Microsoft Corp Windows 10 1909 -
Microsoft Corp Windows 10 1909 -
Microsoft Corp Windows 10 1909 -
Microsoft Corp Windows Server 1909 (Server Core Installation) -
Novell Inc. Suse Linux Enterprise Server 15-LTSS
Red Hat Inc. Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
Canonical Ltd. Ubuntu 20.04 LTS
Microsoft Corp Windows 10 2004 -
Microsoft Corp Windows 10 2004 -
Microsoft Corp Windows 10 2004 -
Microsoft Corp Windows Server 2004 (Server Core Installation) -
Red Hat Inc. Red Hat Enterprise Linux 8.1 Extended Update Support
Novell Inc. Suse Linux Enterprise Server 12 SP4 LTSS
Novell Inc. Suse Linux Enterprise Server 12 SP4-ESPOS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4-LTSS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4-ESPOS
Erich Boleyn Grub2 prior to 2.06
ООО «Ред Софт» РЕД ОС 7.3
ФССП России ОС ТД АИС ФССП России ИК6
ООО «Юбитех» UBLinux prior to 2204
АО «Концерн ВНИИНС» ОС ОН «Стрелец» prior to 16.01.2023

Vulnerability severity

High severity (CVSS 2.0 base score 7.5)
High severity (CVSS 3.0 base score 7.3)

Possible remediation measures

Use of recommendations:
For Microsoft Corp. software products:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011
For Novell Inc. software products:
https://www.suse.com/security/cve/CVE-2020-10713/
For Red Hat Inc. software products:
https://access.redhat.com/security/cve/cve-2020-10713
For Ubuntu:
https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10713.html?_ga=2.63284271.1820037818.1596178505-1110852722.1596178505
For Astra Linux:
Update the software (grub2 package) to 2.02+dfsg1-20+deb10u1 or a later version
Use of vendor recommendations: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16
For Debian:
Use of vendor recommendations: https://security-tracker.debian.org/tracker/CVE-2020-10713
For РЕД ОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
For ОС ТД АИС ФССП России:
https://goslinux.fssp.gov.ru/2726972/
For UBLinux:
https://security.ublinux.ru/CVE-2020-10713
For ОС ОН «Стрелец»:
Update the grub2 software to version 2.06-3~deb10u2.osnova9.strelets
For the virtualization environment management software system with an agentless virtual machine backup subsystem, «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2683

Vulnerability status

Confirmed by the vendor

Exploit availability

Publicly available

Remediation information

Vulnerability remediated

Identifiers in other vulnerability description systems

EPSS

Percentile: 49%
Score: 0.00259
Low

CVSS3: 7.3 High

CVSS2: 4.6 Medium

Related vulnerabilities

CVSS3: 8.2
ubuntu
more than 5 years ago

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS3: 8.2
redhat
more than 5 years ago

CVSS3: 8.2
nvd
more than 5 years ago

CVSS3: 8.2
msrc
more than 5 years ago

CVSS3: 8.2
debian
more than 5 years ago
