CVE-2020-20949

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ststm32cubef0
-
ststm32cubef1
-
ststm32cubef2
-
ststm32cubef3
-
ststm32cubef4
-
ststm32cubef7
-
ststm32cubeg0
-
ststm32cubeg4
-
ststm32cubeh7
-
ststm32cubeide
-
ststm32cubel0
-
ststm32cubel1
-
ststm32cubel4
-
ststm32cubel4\+
-
ststm32cubel5
-
ststm32cubemonitor
-
ststm32cubemp1
-
ststm32cubemx
-
ststm32cubeprogrammer
-
ststm32cubewb
-
ststm32cubewl
-
ietfpublic_key_cryptography_standards_\#1
1.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf
http://st.com
http://x-cube-cryptolib.com
https://bi-zone.medium.com/silence-will-fall-or-how-it-can-take-2-years-to-get-your-vuln-registered-e6134846f5bb
https://www.st.com/en/embedded-software/x-cube-cryptolib.html
http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf
http://st.com
http://x-cube-cryptolib.com
https://bi-zone.medium.com/silence-will-fall-or-how-it-can-take-2-years-to-get-your-vuln-registered-e6134846f5bb
https://www.st.com/en/embedded-software/x-cube-cryptolib.html