Vulnerability-Lookup

CVE-2020-10713 (GCVE-0-2020-10713)

Vulnerability from cvelistv5 – Published: 2020-07-30 12:58 – Updated: 2024-08-04 11:14

Summary

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Severity

No CVSS data available.

CWE

Out-of-bounds Write leading to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

redhat

References

13 references

URL	Tags
https://www.debian.org/security/2020/dsa-4735	vendor-advisoryx_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2020/07/29/3	mailing-listx_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=1825243	x_refsource_MISC
https://www.kb.cert.org/vuls/id/174059	third-party-advisoryx_refsource_CERT-VN
https://security.netapp.com/advisory/ntap-2020073…	x_refsource_CONFIRM
https://usn.ubuntu.com/4432-1/	vendor-advisoryx_refsource_UBUNTU
https://tools.cisco.com/security/center/content/C…	vendor-advisoryx_refsource_CISCO
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://eclypsium.com/2020/07/29/theres-a-hole-in…	x_refsource_MISC
https://kb.vmware.com/s/article/80181	x_refsource_MISC
https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713	x_refsource_MISC
https://security.gentoo.org/glsa/202104-05	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
n/a	Grub	Affected: All grub2 versions before 2.06

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:14:14.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4735",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4735"
          },
          {
            "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243"
          },
          {
            "name": "VU#174059",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/174059"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
          },
          {
            "name": "USN-4432-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4432-1/"
          },
          {
            "name": "20200804 GRUB2 Arbitrary Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY"
          },
          {
            "name": "openSUSE-SU-2020:1169",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
          },
          {
            "name": "openSUSE-SU-2020:1168",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.vmware.com/s/article/80181"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713"
          },
          {
            "name": "GLSA-202104-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202104-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Grub",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All grub2 versions before 2.06"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds Write leading to Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-01T01:08:06.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-4735",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4735"
        },
        {
          "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243"
        },
        {
          "name": "VU#174059",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/174059"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
        },
        {
          "name": "USN-4432-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4432-1/"
        },
        {
          "name": "20200804 GRUB2 Arbitrary Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY"
        },
        {
          "name": "openSUSE-SU-2020:1169",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
        },
        {
          "name": "openSUSE-SU-2020:1168",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.vmware.com/s/article/80181"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713"
        },
        {
          "name": "GLSA-202104-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202104-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-10713",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Grub",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All grub2 versions before 2.06"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bounds Write leading to Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4735",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4735"
            },
            {
              "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243"
            },
            {
              "name": "VU#174059",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/174059"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200731-0008/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
            },
            {
              "name": "USN-4432-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4432-1/"
            },
            {
              "name": "20200804 GRUB2 Arbitrary Code Execution Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY"
            },
            {
              "name": "openSUSE-SU-2020:1169",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
            },
            {
              "name": "openSUSE-SU-2020:1168",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
            },
            {
              "name": "https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/",
              "refsource": "MISC",
              "url": "https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
            },
            {
              "name": "https://kb.vmware.com/s/article/80181",
              "refsource": "MISC",
              "url": "https://kb.vmware.com/s/article/80181"
            },
            {
              "name": "https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713",
              "refsource": "MISC",
              "url": "https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713"
            },
            {
              "name": "GLSA-202104-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202104-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-10713",
    "datePublished": "2020-07-30T12:58:30.000Z",
    "dateReserved": "2020-03-20T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:14:14.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-10713",
      "date": "2026-05-30",
      "epss": "0.00369",
      "percentile": "0.59084"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-10713\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-07-30T13:15:10.940\",\"lastModified\":\"2024-11-21T04:55:54.533\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en grub2, versiones anteriores a 2.06. Un atacante puede usar el fallo de GRUB 2 para secuestrar y manipular el proceso de verificaci\u00f3n de GRUB. Este fallo tambi\u00e9n permite omitir las protecciones de Secure Boot. A fin de cargar un kernel no confiable o modificado, un atacante primero necesitar\u00eda establecer acceso al sistema, tal y como conseguir acceso f\u00edsico, obtener la capacidad de alterar una red pxe-boot o tener acceso remoto a un sistema de red con acceso root. Con este acceso, un atacante podr\u00eda dise\u00f1ar una cadena para causar un desbordamiento del b\u00fafer al inyectar una carga \u00fatil maliciosa que conlleve a una ejecuci\u00f3n de c\u00f3digo arbitraria dentro de GRUB. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, as\u00ed como la disponibilidad del sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.06\",\"matchCriteriaId\":\"01F8D62F-70BB-4718-A095-D68540C17EEA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:photon_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0\",\"matchCriteriaId\":\"742D1040-10F3-4680-86FE-5588B69ECF98\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/07/29/3\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1825243\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://kb.vmware.com/s/article/80181\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202104-05\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200731-0008/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4432-1/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4735\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/174059\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/07/29/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1825243\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://kb.vmware.com/s/article/80181\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202104-05\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200731-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4432-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4735\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/174059\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

SUSE-SU-2020:2629-1

Vulnerability from csaf_suse - Published: 2020-09-14 16:12 - Updated: 2020-09-14 16:12

Summary

Security update for shim

Severity

Moderate

Notes

Title of the patch: Security update for shim

Description of the patch: This update for shim fixes the following issues: This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied. Changes: Use vendor-dbx to block old SUSE/openSUSE signkeys (bsc#1168994) + Add dbx-cert.tar.xz which contains the certificates to block and a script, generate-vendor-dbx.sh, to generate vendor-dbx.bin + Add vendor-dbx.bin as the vendor dbx to block unwanted keys - Update the path to grub-tpm.efi in shim-install (bsc#1174320) - Only check EFI variable copying when Secure Boot is enabled (bsc#1173411) - Use the full path of efibootmgr to avoid errors when invoking shim-install from packagekitd (bsc#1168104) - shim-install: add check for btrfs is used as root file system to enable relative path lookup for file. (bsc#1153953) - shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656)

Patchnames: SUSE-2020-2629,SUSE-SLE-Module-Basesystem-15-SP1-2020-2629,SUSE-SLE-Module-Basesystem-15-SP2-2020-2629

CVE-2020-10713

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:shim-15+git47-3.8.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:shim-15+git47-3.8.1.x86_64		—	Vendor Fix

Threats

Impact important

References

19 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1113225	self
https://bugzilla.suse.com/1121268	self
https://bugzilla.suse.com/1153953	self
https://bugzilla.suse.com/1168104	self
https://bugzilla.suse.com/1168994	self
https://bugzilla.suse.com/1173411	self
https://bugzilla.suse.com/1174320	self
https://bugzilla.suse.com/1175626	self
https://bugzilla.suse.com/1175656	self
https://www.suse.com/security/cve/CVE-2020-10713/	self
https://www.suse.com/security/cve/CVE-2020-10713	external
https://bugzilla.suse.com/1168994	external
https://bugzilla.suse.com/1173456	external
https://bugzilla.suse.com/1173812	external
https://bugzilla.suse.com/1199353	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for shim",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for shim fixes the following issues:\n\nThis update addresses the \u0027BootHole\u0027 security issue (master CVE CVE-2020-10713), by\ndisallowing binaries signed by the previous SUSE UEFI signing key from booting.\n\nThis update should only be installed after updates of grub2, the Linux kernel and (if used)\nXen from July / August 2020 are applied.\n\n\nChanges:\n\nUse vendor-dbx to block old SUSE/openSUSE signkeys (bsc#1168994)\n\n+ Add dbx-cert.tar.xz which contains the certificates to block\n  and a script, generate-vendor-dbx.sh, to generate\n  vendor-dbx.bin\n+ Add vendor-dbx.bin as the vendor dbx to block unwanted keys\n\n\n- Update the path to grub-tpm.efi in shim-install (bsc#1174320)\n- Only check EFI variable copying when Secure Boot is enabled (bsc#1173411)\n- Use the full path of efibootmgr to avoid errors when invoking\n  shim-install from packagekitd (bsc#1168104)\n- shim-install: add check for btrfs is used as root file system to enable\n  relative path lookup for file. (bsc#1153953) \n- shim-install: install MokManager to \\EFI\\boot to process the\n  pending MOK request (bsc#1175626, bsc#1175656)\n\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2020-2629,SUSE-SLE-Module-Basesystem-15-SP1-2020-2629,SUSE-SLE-Module-Basesystem-15-SP2-2020-2629",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_2629-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:2629-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202629-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:2629-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-September/007421.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1113225",
        "url": "https://bugzilla.suse.com/1113225"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1121268",
        "url": "https://bugzilla.suse.com/1121268"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1153953",
        "url": "https://bugzilla.suse.com/1153953"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1168104",
        "url": "https://bugzilla.suse.com/1168104"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1168994",
        "url": "https://bugzilla.suse.com/1168994"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173411",
        "url": "https://bugzilla.suse.com/1173411"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1174320",
        "url": "https://bugzilla.suse.com/1174320"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175626",
        "url": "https://bugzilla.suse.com/1175626"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175656",
        "url": "https://bugzilla.suse.com/1175656"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-10713 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-10713/"
      }
    ],
    "title": "Security update for shim",
    "tracking": {
      "current_release_date": "2020-09-14T16:12:03Z",
      "generator": {
        "date": "2020-09-14T16:12:03Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:2629-1",
      "initial_release_date": "2020-09-14T16:12:03Z",
      "revision_history": [
        {
          "date": "2020-09-14T16:12:03Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "shim-15+git47-3.8.1.x86_64",
                "product": {
                  "name": "shim-15+git47-3.8.1.x86_64",
                  "product_id": "shim-15+git47-3.8.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shim-15+git47-3.8.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:shim-15+git47-3.8.1.x86_64"
        },
        "product_reference": "shim-15+git47-3.8.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shim-15+git47-3.8.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:shim-15+git47-3.8.1.x86_64"
        },
        "product_reference": "shim-15+git47-3.8.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-10713",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-10713"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:shim-15+git47-3.8.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:shim-15+git47-3.8.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-10713",
          "url": "https://www.suse.com/security/cve/CVE-2020-10713"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1168994 for CVE-2020-10713",
          "url": "https://bugzilla.suse.com/1168994"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173456 for CVE-2020-10713",
          "url": "https://bugzilla.suse.com/1173456"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173812 for CVE-2020-10713",
          "url": "https://bugzilla.suse.com/1173812"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1199353 for CVE-2020-10713",
          "url": "https://bugzilla.suse.com/1199353"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:shim-15+git47-3.8.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:shim-15+git47-3.8.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:shim-15+git47-3.8.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:shim-15+git47-3.8.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-09-14T16:12:03Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-10713"
    }
  ]
}

WID-SEC-W-2022-0553

Vulnerability from csaf_certbund - Published: 2020-07-29 22:00 - Updated: 2025-04-09 22:00

Summary

Grub2: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Grand Unified Bootloader (Grub) ist ein freies Bootloader-Programm des GNU Projekts. Windows ist ein Betriebssystem von Microsoft. Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution. SUSE Linux ist eine Linux-Distribution bzw. Open Source Plattform. Ubuntu Linux ist die Linux Distribution des Herstellers Canonical. Debian ist eine Linux-Distribution, die ausschließlich Freie Software enthält.

Angriff: Ein lokaler Angreifer mit Administratorrechten oder physischem Zugriff auf das Gerät, kann mehrere Schwachstellen in Grub2 ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2020-10713

Affected products

Known affected 19 products

Product	Identifier	Version
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:10.04:-:lts`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Cisco Router Cisco	`cpe:/h:cisco:router:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Aruba ArubaOS Aruba	`cpe:/o:arubanetworks:arubaos:-`	—
Open Source Grub Open Source	`cpe:/a:gnu:grub:-`	—
PaloAlto Networks PAN-OS PaloAlto Networks	`cpe:/o:paloaltonetworks:pan-os:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Cisco Identity Services Engine (ISE) Cisco	`cpe:/a:cisco:identity_services_engine_software:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Microsoft Windows Microsoft	`cpe:/o:microsoft:windows:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
IBM Security Guardium 11.5 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:11.5`	11.5

CVE-2020-14308

Affected products

Known affected 19 products

Product	Identifier	Version
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:10.04:-:lts`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Cisco Router Cisco	`cpe:/h:cisco:router:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Aruba ArubaOS Aruba	`cpe:/o:arubanetworks:arubaos:-`	—
Open Source Grub Open Source	`cpe:/a:gnu:grub:-`	—
PaloAlto Networks PAN-OS PaloAlto Networks	`cpe:/o:paloaltonetworks:pan-os:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Cisco Identity Services Engine (ISE) Cisco	`cpe:/a:cisco:identity_services_engine_software:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Microsoft Windows Microsoft	`cpe:/o:microsoft:windows:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
IBM Security Guardium 11.5 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:11.5`	11.5

CVE-2020-14309

Affected products

Known affected 19 products

Product	Identifier	Version
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:10.04:-:lts`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Cisco Router Cisco	`cpe:/h:cisco:router:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Aruba ArubaOS Aruba	`cpe:/o:arubanetworks:arubaos:-`	—
Open Source Grub Open Source	`cpe:/a:gnu:grub:-`	—
PaloAlto Networks PAN-OS PaloAlto Networks	`cpe:/o:paloaltonetworks:pan-os:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Cisco Identity Services Engine (ISE) Cisco	`cpe:/a:cisco:identity_services_engine_software:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Microsoft Windows Microsoft	`cpe:/o:microsoft:windows:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
IBM Security Guardium 11.5 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:11.5`	11.5

CVE-2020-14310

Affected products

Known affected 19 products

Product	Identifier	Version
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:10.04:-:lts`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Cisco Router Cisco	`cpe:/h:cisco:router:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Aruba ArubaOS Aruba	`cpe:/o:arubanetworks:arubaos:-`	—
Open Source Grub Open Source	`cpe:/a:gnu:grub:-`	—
PaloAlto Networks PAN-OS PaloAlto Networks	`cpe:/o:paloaltonetworks:pan-os:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Cisco Identity Services Engine (ISE) Cisco	`cpe:/a:cisco:identity_services_engine_software:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Microsoft Windows Microsoft	`cpe:/o:microsoft:windows:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
IBM Security Guardium 11.5 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:11.5`	11.5

CVE-2020-14311

Affected products

Known affected 19 products

Product	Identifier	Version
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:10.04:-:lts`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Cisco Router Cisco	`cpe:/h:cisco:router:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Aruba ArubaOS Aruba	`cpe:/o:arubanetworks:arubaos:-`	—
Open Source Grub Open Source	`cpe:/a:gnu:grub:-`	—
PaloAlto Networks PAN-OS PaloAlto Networks	`cpe:/o:paloaltonetworks:pan-os:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Cisco Identity Services Engine (ISE) Cisco	`cpe:/a:cisco:identity_services_engine_software:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Microsoft Windows Microsoft	`cpe:/o:microsoft:windows:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
IBM Security Guardium 11.5 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:11.5`	11.5

CVE-2020-15705

Affected products

Known affected 19 products

Product	Identifier	Version
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:10.04:-:lts`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Cisco Router Cisco	`cpe:/h:cisco:router:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Aruba ArubaOS Aruba	`cpe:/o:arubanetworks:arubaos:-`	—
Open Source Grub Open Source	`cpe:/a:gnu:grub:-`	—
PaloAlto Networks PAN-OS PaloAlto Networks	`cpe:/o:paloaltonetworks:pan-os:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Cisco Identity Services Engine (ISE) Cisco	`cpe:/a:cisco:identity_services_engine_software:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Microsoft Windows Microsoft	`cpe:/o:microsoft:windows:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
IBM Security Guardium 11.5 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:11.5`	11.5

CVE-2020-15706

Affected products

Known affected 19 products

Product	Identifier	Version
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:10.04:-:lts`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Cisco Router Cisco	`cpe:/h:cisco:router:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Aruba ArubaOS Aruba	`cpe:/o:arubanetworks:arubaos:-`	—
Open Source Grub Open Source	`cpe:/a:gnu:grub:-`	—
PaloAlto Networks PAN-OS PaloAlto Networks	`cpe:/o:paloaltonetworks:pan-os:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Cisco Identity Services Engine (ISE) Cisco	`cpe:/a:cisco:identity_services_engine_software:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Microsoft Windows Microsoft	`cpe:/o:microsoft:windows:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
IBM Security Guardium 11.5 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:11.5`	11.5

CVE-2020-15707

Affected products

Known affected 19 products

Product	Identifier	Version
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:10.04:-:lts`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Cisco Router Cisco	`cpe:/h:cisco:router:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Aruba ArubaOS Aruba	`cpe:/o:arubanetworks:arubaos:-`	—
Open Source Grub Open Source	`cpe:/a:gnu:grub:-`	—
PaloAlto Networks PAN-OS PaloAlto Networks	`cpe:/o:paloaltonetworks:pan-os:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Cisco Identity Services Engine (ISE) Cisco	`cpe:/a:cisco:identity_services_engine_software:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Microsoft Windows Microsoft	`cpe:/o:microsoft:windows:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
IBM Security Guardium 11.5 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:11.5`	11.5

References

50 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://portal.msrc.microsoft.com/de-DE/security-…	external
https://access.redhat.com/errata/RHSA-2020:3216	external
https://access.redhat.com/errata/RHSA-2020:3217	external
https://access.redhat.com/errata/RHSA-2020:3227	external
https://access.redhat.com/errata/RHSA-2020:3223	external
http://lists.suse.com/pipermail/sle-security-upda…	external
http://lists.suse.com/pipermail/sle-security-upda…	external
http://lists.suse.com/pipermail/sle-security-upda…	external
http://lists.suse.com/pipermail/sle-security-upda…	external
http://lists.suse.com/pipermail/sle-security-upda…	external
http://lists.suse.com/pipermail/sle-security-upda…	external
http://lists.suse.com/pipermail/sle-security-upda…	external
https://usn.ubuntu.com/4432-1/	external
https://www.debian.org/security/2020/dsa-4735	external
https://www.huawei.com/en/psirt/security-notices/…	external
https://support.hpe.com/hpesc/public/docDisplay?d…	external
https://access.redhat.com/errata/RHSA-2020:3273	external
https://access.redhat.com/errata/RHSA-2020:3275	external
https://access.redhat.com/errata/RHSA-2020:3276	external
https://access.redhat.com/errata/RHSA-2020:3274	external
https://access.redhat.com/errata/RHSA-2020:3271	external
https://ubuntu.com/security/notices/USN-4432-2	external
https://tools.cisco.com/security/center/content/C…	external
https://security.paloaltonetworks.com/PAN-SA-2020-0008	external
https://downloads.avaya.com/css/P8/documents/101070227	external
http://lists.suse.com/pipermail/sle-security-upda…	external
http://lists.suse.com/pipermail/sle-security-upda…	external
http://lists.suse.com/pipermail/sle-security-upda…	external
http://lists.suse.com/pipermail/sle-security-upda…	external
http://lists.suse.com/pipermail/sle-security-upda…	external
http://lists.suse.com/pipermail/sle-security-upda…	external
http://lists.suse.com/pipermail/sle-security-upda…	external
http://lists.suse.com/pipermail/sle-security-upda…	external
http://lists.suse.com/pipermail/sle-security-upda…	external
http://lists.suse.com/pipermail/sle-security-upda…	external
http://lists.suse.com/pipermail/sle-security-upda…	external
http://lists.suse.com/pipermail/sle-security-upda…	external
https://support.hpe.com/hpesc/public/docDisplay?c…	external
https://access.redhat.com/errata/RHSA-2020:4115	external
https://access.redhat.com/errata/RHSA-2020:4172	external
https://www.arubanetworks.com/assets/alert/ARUBA-…	external
https://security.gentoo.org/glsa/202104-05	external
https://linux.oracle.com/errata/ELSA-2022-5095.html	external
http://linux.oracle.com/errata/ELSA-2022-9595.html	external
http://linux.oracle.com/errata/ELSA-2023-0049.html	external
https://www.ibm.com/support/pages/node/7087688	external
https://linux.oracle.com/errata/ELSA-2024-3184.html	external
https://linux.oracle.com/errata/ELSA-2025-3367.html	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Grand Unified Bootloader (Grub) ist ein freies Bootloader-Programm des GNU Projekts.\r\nWindows ist ein Betriebssystem von Microsoft.\r\nRed Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.\r\nSUSE Linux ist eine Linux-Distribution bzw. Open Source Plattform.\r\nUbuntu Linux ist die Linux Distribution des Herstellers Canonical.\r\nDebian ist eine Linux-Distribution, die ausschlie\u00dflich Freie Software enth\u00e4lt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer mit Administratorrechten oder physischem Zugriff auf das Ger\u00e4t, kann mehrere Schwachstellen in Grub2 ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0553 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-0553.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0553 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0553"
      },
      {
        "category": "external",
        "summary": "Microsoft Security Advisory vom 2020-07-29",
        "url": "https://portal.msrc.microsoft.com/de-DE/security-guidance/advisory/ADV200011"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory",
        "url": "https://access.redhat.com/errata/RHSA-2020:3216"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory",
        "url": "https://access.redhat.com/errata/RHSA-2020:3217"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory",
        "url": "https://access.redhat.com/errata/RHSA-2020:3227"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory",
        "url": "https://access.redhat.com/errata/RHSA-2020:3223"
      },
      {
        "category": "external",
        "summary": "SuSE Security Advisory",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-July/007195.html"
      },
      {
        "category": "external",
        "summary": "SuSE Security Advisory",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-July/007196.html"
      },
      {
        "category": "external",
        "summary": "SuSE Security Advisory",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-July/007197.html"
      },
      {
        "category": "external",
        "summary": "SuSE Security Advisory",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-July/007198.html"
      },
      {
        "category": "external",
        "summary": "SuSE Security Advisory",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-July/007199.html"
      },
      {
        "category": "external",
        "summary": "SuSE Security Advisory",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-July/007200.html"
      },
      {
        "category": "external",
        "summary": "SuSE Security Advisory",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-July/007201.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Advisory",
        "url": "https://usn.ubuntu.com/4432-1/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory",
        "url": "https://www.debian.org/security/2020/dsa-4735"
      },
      {
        "category": "external",
        "summary": "Huawei Security Advisory HUAWEI-SA-20200716-01-DNS vom 2020-07-30",
        "url": "https://www.huawei.com/en/psirt/security-notices/huawei-sn-20200730-01-grub2-en"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-hpesbhf04019en_us"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:3273 vom 2020-08-03",
        "url": "https://access.redhat.com/errata/RHSA-2020:3273"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:3275 vom 2020-08-03",
        "url": "https://access.redhat.com/errata/RHSA-2020:3275"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:3276 vom 2020-08-03",
        "url": "https://access.redhat.com/errata/RHSA-2020:3276"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:3274 vom 2020-08-03",
        "url": "https://access.redhat.com/errata/RHSA-2020:3274"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:3271 vom 2020-08-03",
        "url": "https://access.redhat.com/errata/RHSA-2020:3271"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4432-2 vom 2020-08-05",
        "url": "https://ubuntu.com/security/notices/USN-4432-2"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory CISCO-SA-GRUB2-CODE-EXEC-XLEPCAPY vom 2020-08-04",
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY"
      },
      {
        "category": "external",
        "summary": "Palo Alto Networks Security Advisory PAN-SA-2020-0008 vom 2020-08-12",
        "url": "https://security.paloaltonetworks.com/PAN-SA-2020-0008"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2020-102 vom 2020-08-14",
        "url": "https://downloads.avaya.com/css/P8/documents/101070227"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:14461-1 vom 2020-08-25",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-August/007297.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:2304-1 vom 2020-08-25",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-August/007290.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:2308-1 vom 2020-08-25",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-August/007292.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:2307-1 vom 2020-08-25",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-August/007293.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:2303-1 vom 2020-08-25",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-August/007294.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:2306-1 vom 2020-08-25",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-August/007295.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:2305-1 vom 2020-08-25",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-August/007298.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:2629-1 vom 2020-09-14",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007421.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:2626-1 vom 2020-09-14",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007423.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:2627-1 vom 2020-09-14",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007424.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:2628-1 vom 2020-09-14",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007422.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:14490-1 vom 2020-09-15",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007428.html"
      },
      {
        "category": "external",
        "summary": "HP CUSTOMER BULLETIN",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?cc=de\u0026docId=emr_na-a00105191de_de\u0026lang=de"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:4115 vom 2020-09-30",
        "url": "https://access.redhat.com/errata/RHSA-2020:4115"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:4172 vom 2020-10-05",
        "url": "https://access.redhat.com/errata/RHSA-2020:4172"
      },
      {
        "category": "external",
        "summary": "Aruba Product Security Advisory",
        "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-012.txt"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202104-05 vom 2021-05-01",
        "url": "https://security.gentoo.org/glsa/202104-05"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-5095 vom 2022-07-04",
        "url": "https://linux.oracle.com/errata/ELSA-2022-5095.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-9595 vom 2022-07-14",
        "url": "http://linux.oracle.com/errata/ELSA-2022-9595.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-0049 vom 2023-01-25",
        "url": "http://linux.oracle.com/errata/ELSA-2023-0049.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7087688 vom 2023-12-04",
        "url": "https://www.ibm.com/support/pages/node/7087688"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-3184 vom 2024-05-28",
        "url": "https://linux.oracle.com/errata/ELSA-2024-3184.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-3367 vom 2025-04-10",
        "url": "https://linux.oracle.com/errata/ELSA-2025-3367.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Grub2: Mehrere Schwachstellen erm\u00f6glichen Umgehen von Sicherheitsvorkehrungen",
    "tracking": {
      "current_release_date": "2025-04-09T22:00:00.000+00:00",
      "generator": {
        "date": "2025-04-10T08:25:47.124+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2022-0553",
      "initial_release_date": "2020-07-29T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2020-07-29T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2020-07-30T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Huawei aufgenommen"
        },
        {
          "date": "2020-08-02T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von HP und Red Hat aufgenommen"
        },
        {
          "date": "2020-08-03T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-08-04T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2020-08-05T22:00:00.000+00:00",
          "number": "6",
          "summary": "Produktversion angepasst"
        },
        {
          "date": "2020-08-12T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Palo Alto Networks aufgenommen"
        },
        {
          "date": "2020-08-13T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von AVAYA aufgenommen"
        },
        {
          "date": "2020-08-25T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-09-14T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-09-15T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-09-20T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von HP aufgenommen"
        },
        {
          "date": "2020-09-29T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-10-05T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-12-08T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Aruba aufgenommen"
        },
        {
          "date": "2021-04-20T22:00:00.000+00:00",
          "number": "16",
          "summary": "Referenz \"BootHole\" aufgenommen"
        },
        {
          "date": "2021-05-02T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2022-07-04T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2022-07-14T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2023-01-25T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2023-12-04T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-05-28T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2025-04-09T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "23"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Aruba ArubaOS",
            "product": {
              "name": "Aruba ArubaOS",
              "product_id": "T016785",
              "product_identification_helper": {
                "cpe": "cpe:/o:arubanetworks:arubaos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Aruba"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Avaya Aura Application Enablement Services",
            "product": {
              "name": "Avaya Aura Application Enablement Services",
              "product_id": "T015516",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_application_enablement_services:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Communication Manager",
            "product": {
              "name": "Avaya Aura Communication Manager",
              "product_id": "T015126",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:communication_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Session Manager",
            "product": {
              "name": "Avaya Aura Session Manager",
              "product_id": "T015127",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:session_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura System Manager",
            "product": {
              "name": "Avaya Aura System Manager",
              "product_id": "T015518",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_system_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Web License Manager",
            "product": {
              "name": "Avaya Web License Manager",
              "product_id": "T016243",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:web_license_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Avaya"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Cisco Identity Services Engine (ISE)",
            "product": {
              "name": "Cisco Identity Services Engine (ISE)",
              "product_id": "T000612",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:identity_services_engine_software:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Router",
            "product": {
              "name": "Cisco Router",
              "product_id": "T003258",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:router:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HPE ProLiant",
            "product": {
              "name": "HPE ProLiant",
              "product_id": "T009310",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:proliant:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HPE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11.5",
                "product": {
                  "name": "IBM Security Guardium 11.5",
                  "product_id": "1411051",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_guardium:11.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Security Guardium"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Microsoft Windows",
            "product": {
              "name": "Microsoft Windows",
              "product_id": "7107",
              "product_identification_helper": {
                "cpe": "cpe:/o:microsoft:windows:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Grub",
            "product": {
              "name": "Open Source Grub",
              "product_id": "267608",
              "product_identification_helper": {
                "cpe": "cpe:/a:gnu:grub:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "PaloAlto Networks PAN-OS",
            "product": {
              "name": "PaloAlto Networks PAN-OS",
              "product_id": "T012790",
              "product_identification_helper": {
                "cpe": "cpe:/o:paloaltonetworks:pan-os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "PaloAlto Networks"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "131442",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-10713",
      "product_status": {
        "known_affected": [
          "131442",
          "T015518",
          "67646",
          "T015516",
          "T003258",
          "T015127",
          "T015126",
          "T012167",
          "T004914",
          "T016785",
          "267608",
          "T012790",
          "T016243",
          "2951",
          "T000612",
          "T002207",
          "7107",
          "T009310",
          "1411051"
        ]
      },
      "release_date": "2020-07-29T22:00:00.000+00:00",
      "title": "CVE-2020-10713"
    },
    {
      "cve": "CVE-2020-14308",
      "product_status": {
        "known_affected": [
          "131442",
          "T015518",
          "67646",
          "T015516",
          "T003258",
          "T015127",
          "T015126",
          "T012167",
          "T004914",
          "T016785",
          "267608",
          "T012790",
          "T016243",
          "2951",
          "T000612",
          "T002207",
          "7107",
          "T009310",
          "1411051"
        ]
      },
      "release_date": "2020-07-29T22:00:00.000+00:00",
      "title": "CVE-2020-14308"
    },
    {
      "cve": "CVE-2020-14309",
      "product_status": {
        "known_affected": [
          "131442",
          "T015518",
          "67646",
          "T015516",
          "T003258",
          "T015127",
          "T015126",
          "T012167",
          "T004914",
          "T016785",
          "267608",
          "T012790",
          "T016243",
          "2951",
          "T000612",
          "T002207",
          "7107",
          "T009310",
          "1411051"
        ]
      },
      "release_date": "2020-07-29T22:00:00.000+00:00",
      "title": "CVE-2020-14309"
    },
    {
      "cve": "CVE-2020-14310",
      "product_status": {
        "known_affected": [
          "131442",
          "T015518",
          "67646",
          "T015516",
          "T003258",
          "T015127",
          "T015126",
          "T012167",
          "T004914",
          "T016785",
          "267608",
          "T012790",
          "T016243",
          "2951",
          "T000612",
          "T002207",
          "7107",
          "T009310",
          "1411051"
        ]
      },
      "release_date": "2020-07-29T22:00:00.000+00:00",
      "title": "CVE-2020-14310"
    },
    {
      "cve": "CVE-2020-14311",
      "product_status": {
        "known_affected": [
          "131442",
          "T015518",
          "67646",
          "T015516",
          "T003258",
          "T015127",
          "T015126",
          "T012167",
          "T004914",
          "T016785",
          "267608",
          "T012790",
          "T016243",
          "2951",
          "T000612",
          "T002207",
          "7107",
          "T009310",
          "1411051"
        ]
      },
      "release_date": "2020-07-29T22:00:00.000+00:00",
      "title": "CVE-2020-14311"
    },
    {
      "cve": "CVE-2020-15705",
      "product_status": {
        "known_affected": [
          "131442",
          "T015518",
          "67646",
          "T015516",
          "T003258",
          "T015127",
          "T015126",
          "T012167",
          "T004914",
          "T016785",
          "267608",
          "T012790",
          "T016243",
          "2951",
          "T000612",
          "T002207",
          "7107",
          "T009310",
          "1411051"
        ]
      },
      "release_date": "2020-07-29T22:00:00.000+00:00",
      "title": "CVE-2020-15705"
    },
    {
      "cve": "CVE-2020-15706",
      "product_status": {
        "known_affected": [
          "131442",
          "T015518",
          "67646",
          "T015516",
          "T003258",
          "T015127",
          "T015126",
          "T012167",
          "T004914",
          "T016785",
          "267608",
          "T012790",
          "T016243",
          "2951",
          "T000612",
          "T002207",
          "7107",
          "T009310",
          "1411051"
        ]
      },
      "release_date": "2020-07-29T22:00:00.000+00:00",
      "title": "CVE-2020-15706"
    },
    {
      "cve": "CVE-2020-15707",
      "product_status": {
        "known_affected": [
          "131442",
          "T015518",
          "67646",
          "T015516",
          "T003258",
          "T015127",
          "T015126",
          "T012167",
          "T004914",
          "T016785",
          "267608",
          "T012790",
          "T016243",
          "2951",
          "T000612",
          "T002207",
          "7107",
          "T009310",
          "1411051"
        ]
      },
      "release_date": "2020-07-29T22:00:00.000+00:00",
      "title": "CVE-2020-15707"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-10713 (GCVE-0-2020-10713)

SUSE-SU-2020:2629-1

WID-SEC-W-2022-0553

Tags

Sightings

Nomenclature