CVE-2020-20949

EUVD-2020-13728
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
ststm32cubef0
-
ststm32cubef1
-
ststm32cubef2
-
ststm32cubef3
-
ststm32cubef4
-
ststm32cubef7
-
ststm32cubeg0
-
ststm32cubeg4
-
ststm32cubeh7
-
ststm32cubeide
-
ststm32cubel0
-
ststm32cubel1
-
ststm32cubel4
-
ststm32cubel4\+
-
ststm32cubel5
-
ststm32cubemonitor
-
ststm32cubemp1
-
ststm32cubemx
-
ststm32cubeprogrammer
-
ststm32cubewb
-
ststm32cubewl
-
ietfpublic_key_cryptography_standards_\#1
1.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf
http://st.com
http://x-cube-cryptolib.com
https://bi-zone.medium.com/silence-will-fall-or-how-it-can-take-2-years-to-get-your-vuln-registered-e6134846f5bb
https://www.st.com/en/embedded-software/x-cube-cryptolib.html
http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf
http://st.com
http://x-cube-cryptolib.com
https://bi-zone.medium.com/silence-will-fall-or-how-it-can-take-2-years-to-get-your-vuln-registered-e6134846f5bb
https://www.st.com/en/embedded-software/x-cube-cryptolib.html