CVE-2020-27208

The flash read-out protection (RDP) level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
VendorProductVersion
solokeyssolo_firmware
4.0.0
solokeyssomu_firmware
-
nitrokeyfido2_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://eprint.iacr.org/2021/640
https://github.com/solokeys/solo/commit/a9c02cd354f34b48195a342c7f524abdef5cbcec
https://solokeys.com
https://twitter.com/SoloKeysSec
https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html
https://www.aisec.fraunhofer.de/en/FirmwareProtection.html
https://eprint.iacr.org/2021/640
https://github.com/solokeys/solo/commit/a9c02cd354f34b48195a342c7f524abdef5cbcec
https://solokeys.com
https://twitter.com/SoloKeysSec
https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html
https://www.aisec.fraunhofer.de/en/FirmwareProtection.html