Description
The UpdateHub module disables DTLS peer checking, which allows for a man-in-the-middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018. This issue affects zephyrproject-rtos zephyr version 2.1.0 and later versions.
References
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Third Party Advisory
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:o:zephyrproject:zephyr:2.1.0:*:*:*:*:*:*:*
cpe:2.3:o:zephyrproject:zephyr:2.2.0:*:*:*:*:*:*:*
EPSS: 0.00373 (Low), percentile: 58%
CVSS3: 4.8 Medium
CVSS2: 5.8 Medium
Weaknesses
CWE-295
Related vulnerabilities
GitHub
more than 3 years ago
The UpdateHub module disables DTLS peer checking, which allows for a man-in-the-middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018. This issue affects zephyrproject-rtos zephyr version 2.1.0 and later versions.
EPSS: 0.00373 (Low), percentile: 58%
CVSS3: 4.8 Medium
CVSS2: 5.8 Medium
Weaknesses
CWE-295