Vulnerability Details : CVE-2020-24722
An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause metadata deanonymization and risk-score inflation. NOTE: the vendor's position is "We do not believe that TX power authentication would be a useful defense against relay attacks."
Products affected by CVE-2020-24722
- Exposure Notifications Project » Exposure Notifications » For iPhone OS. Versions up to, including, (<=) 2020-10-05. CPE: cpe:2.3:a:exposure_notifications_project:exposure_notifications:*:*:*:*:*:iphone_os:*:*
- Exposure Notifications Project » Exposure Notifications » For Android. Versions up to, including, (<=) 2020-10-05. CPE: cpe:2.3:a:exposure_notifications_project:exposure_notifications:*:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-24722
- 2.79%: Probability of exploitation activity in the next 30 days
- ~91%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-24722
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.6 | LOW | AV:N/AC:H/Au:N/C:N/I:P/A:N | 4.9 | 2.9 | NIST | |
5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 2.2 | 3.6 | NIST | |
CWE ids for CVE-2020-24722
- A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-24722
- https://github.com/google/exposure-notifications-internals/blob/main/en-risks-and-mitigations-faq.md#additional-considerations
  exposure-notifications-internals/en-risks-and-mitigations-faq.md at main · google/exposure-notifications-internals · GitHub (Third Party Advisory)
- http://seclists.org/fulldisclosure/2020/Oct/12
  Full Disclosure: CVE-2020-24722: GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues (Exploit; Mailing List; Third Party Advisory)
- https://blog.google/inside-google/company-announcements/update-exposure-notifications
  An update on Exposure Notifications (Third Party Advisory)
- http://packetstormsecurity.com/files/159496/GAEN-Protocol-Metadata-Deanonymization-Risk-Score-Inflation.html
  GAEN Protocol Metadata Deanonymization / Risk-Score Inflation ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)