CVEs-PoC/2020/CVE-2020-10759.md at b0e96c877abb080d7cf221c036336480ff266ccf

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-09 15:15:46 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.

POC

Reference

https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md

Github

https://github.com/0xT11/CVE-POC
https://github.com/ARPSyndicate/cvemon
https://github.com/alphaSeclab/sec-daily-2020
https://github.com/developer3000S/PoC-in-GitHub
https://github.com/hannob/pgpbugs
https://github.com/hectorgie/PoC-in-GitHub
https://github.com/justinsteven/CVE-2020-10759-poc
https://github.com/justinsteven/advisories
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/soosmile/POC

1.4 KiB Raw Blame History

CVE-2020-10759

Description

POC

Reference

Github

1.4 KiB

Raw Blame History