Cryptographic Signature Verification Vulnerability in The Update Framework by The Update Framework Team
CVE-2020-6174

9.8CRITICAL

Key Information:

Vendor: Linux
Status: The Update Framework
Vendor: CVE Published:; 5 February 2020

Summary

The Update Framework (TUF) through version 0.12.1 has a vulnerability that allows for improper verification of cryptographic signatures. This flaw could potentially enable attackers to bypass security mechanisms and manipulate updates, compromising the integrity of the software supply chain. It is crucial for organizations using this framework to address and remediate this vulnerability to protect against unauthorized code execution.

References

https://github.com/theupdateframework/tuf/pull/974

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 5, 2020
Vulnerability Reserved
Jan 8, 2020