CVE-2020-27208 : The flash read-out protection (RDP) level is not enforced during the device init

The flash read-out protection (RDP) level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface.

Published 2021-05-21 12:15:08

Updated 2021-05-28 15:41:33

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-27208

Solokeys » Solo Firmware » Version: 4.0.0
cpe:2.3:o:solokeys:solo_firmware:4.0.0:*:*:*:*:*:*:*
Matching versions
When used together with: Solokeys » Solo » Version: N/A
Solokeys » Somu Firmware » Version: N/A
cpe:2.3:o:solokeys:somu_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Solokeys » Somu » Version: N/A
Nitrokey » Fido2 Firmware » Version: N/A
cpe:2.3:o:nitrokey:fido2_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Nitrokey » Fido2 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-27208

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 7 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-27208

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.8	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	0.9	5.9	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-27208

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-27208

https://www.aisec.fraunhofer.de/en/FirmwareProtection.html

Shedding too much Light on a Microcontroller’s Firmware Protection - Fraunhofer AISEC
Exploit;Third Party Advisory

CVEs referencing this url
https://github.com/solokeys/solo/commit/a9c02cd354f34b48195a342c7f524abdef5cbcec

patches to improve resistance to fault injection · solokeys/solo@a9c02cd · GitHub
Patch;Third Party Advisory
https://solokeys.com

Solo – SoloKeys
Product
https://eprint.iacr.org/2021/640

Cryptology ePrint Archive: Report 2021/640 - Security and Trust in Open Source Security Tokens
Third Party Advisory

CVEs referencing this url
https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html

Security and Trust in Open Source Security Tokens - Fraunhofer AISEC
Third Party Advisory

CVEs referencing this url
https://twitter.com/SoloKeysSec

SoloKeys (@SoloKeysSec) / Twitter
Product

Jump to

Vulnerability Details : CVE-2020-27208

Products affected by CVE-2020-27208

Exploit prediction scoring system (EPSS) score for CVE-2020-27208

CVSS scores for CVE-2020-27208

CWE ids for CVE-2020-27208

References for CVE-2020-27208