Cryptographic Signature Verification Vulnerability in The Update Framework by The Update Framework Team
CVE-2020-6174

9.8CRITICAL

Key Information:

Vendor: Linux
Status: The Update Framework
Vendor: CVE Published:; 5 February 2020

What is CVE-2020-6174?

The Update Framework (TUF) through version 0.12.1 has a vulnerability that allows for improper verification of cryptographic signatures. This flaw could potentially enable attackers to bypass security mechanisms and manipulate updates, compromising the integrity of the software supply chain. It is crucial for organizations using this framework to address and remediate this vulnerability to protect against unauthorized code execution.

References

https://github.com/theupdateframework/tuf/pull/974

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 5, 2020
Vulnerability Reserved
Jan 8, 2020

Linux

What is CVE-2020-6174?

References

CVSS V3.1

Timeline