Vulnerability Details : CVE-2020-27209
The ECDSA operation of the micro-ecc library 1.0 is vulnerable to simple power analysis attacks which allows an adversary to extract the private ECC key.
Products affected by CVE-2020-27209
- cpe:2.3:a:micro-ecc_project:micro-ecc:1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-27209
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 46 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-27209
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
References for CVE-2020-27209
-
https://www.aisec.fraunhofer.de/en/FirmwareProtection.html
Shedding too much Light on a Microcontroller’s Firmware Protection - Fraunhofer AISECThird Party Advisory
-
https://eprint.iacr.org/2021/640
Cryptology ePrint Archive: Report 2021/640 - Security and Trust in Open Source Security TokensThird Party Advisory
-
https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html
Security and Trust in Open Source Security Tokens - Fraunhofer AISECThird Party Advisory
-
https://github.com/kmackay/micro-ecc/commit/1b5f5cea5145c96dd8791b9b2c41424fc74c2172
Fix for #168 · kmackay/micro-ecc@1b5f5ce · GitHubPatch;Third Party Advisory
-
https://github.com/kmackay/micro-ecc/releases
Releases · kmackay/micro-ecc · GitHubThird Party Advisory
Jump to