{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T15:46:35.212","vulnerabilities":[{"cve":{"id":"CVE-2020-10059","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2020-05-11T23:15:11.973","lastModified":"2024-11-21T04:54:43.450","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions."},{"lang":"es","value":"El módulo UpdateHub deshabilita la comprobación del peer DTLS, lo que permite un ataque de tipo man in the middle. Esto es mitigado por imágenes de firmware que requieren firmas validas. Sin embargo, no existe ningún beneficio al usar DTLS sin la comprobación del peer. Consulte NCC-ZEP-018. Este problema afecta a: zephyrproject-rtos zephyr versión 2.1.0 y versiones posteriores."}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"EF33DD80-0286-477C-88A4-FCEC0D80F520"},{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"677DD0A3-502D-45F1-9CC8-8DDB8F230DFC"}]}]}],"references":[{"url":"https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059","source":"vulnerabilities@zephyrproject.org"},{"url":"https://github.com/zephyrproject-rtos/zephyr/pull/24954","source":"vulnerabilities@zephyrproject.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/pull/24997","source":"vulnerabilities@zephyrproject.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/pull/24999","source":"vulnerabilities@zephyrproject.org","tags":["Patch","Third Party Advisory"]},{"url":"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36","source":"vulnerabilities@zephyrproject.org","tags":["Third Party Advisory"]},{"url":"https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/zephyrproject-rtos/zephyr/pull/24954","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/pull/24997","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/pull/24999","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}