Vulnerability-Lookup

CVE-2020-15705 (GCVE-0-2020-15705)

Vulnerability from cvelistv5 – Published: 2020-07-29 17:45 – Updated: 2024-09-17 00:06

Title

GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim

Summary

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

Severity ?

6.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-347 - Improper Verification of Cryptographic Signature

Assigner

canonical

References

URL

Tags

	https://www.eclypsium.com/2020/07/29/theres-a-hol…	x_refsource_CONFIRM
	https://wiki.ubuntu.com/SecurityTeam/KnowledgeBas…	vendor-advisoryx_refsource_UBUNTU
	http://ubuntu.com/security/notices/USN-4432-1	vendor-advisoryx_refsource_UBUNTU
	https://www.debian.org/security/2020-GRUB-UEFI-Se…	vendor-advisoryx_refsource_DEBIAN
	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM
	https://access.redhat.com/security/vulnerabilitie…	vendor-advisoryx_refsource_REDHAT
	https://www.suse.com/c/suse-addresses-grub2-secur…	vendor-advisoryx_refsource_SUSE
	https://www.suse.com/support/kb/doc/?id=000019673	vendor-advisoryx_refsource_SUSE
	https://www.openwall.com/lists/oss-security/2020/…	x_refsource_CONFIRM
	https://lists.gnu.org/archive/html/grub-devel/202…	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2020/07/29/3	mailing-listx_refsource_MLIST
	https://security.netapp.com/advisory/ntap-2020073…	x_refsource_CONFIRM
	https://usn.ubuntu.com/4432-1/	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2021/03/02/3	mailing-listx_refsource_MLIST
	https://security.gentoo.org/glsa/202104-05	vendor-advisoryx_refsource_GENTOO
	http://www.openwall.com/lists/oss-security/2021/09/17/2	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/09/17/4	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/09/21/1	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	Ubuntu	grub2 in Ubuntu	Affected: 20.04 LTS , < 2.04-1ubuntu26.1 (custom) Affected: 18.04 LTS , < 2.02-2ubuntu8.16 (custom) Affected: 16.04 LTS , < 2.02~beta2-36ubuntu3.26 (custom) Affected: 14.04 ESM , < 2.02~beta2-9ubuntu1.20 (custom)

Credits

Mathieu Trudel-Lapierre

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:22:30.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/security/notices/USN-4432-1"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://www.suse.com/support/kb/doc/?id=000019673"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
          },
          {
            "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
          },
          {
            "name": "USN-4432-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4432-1/"
          },
          {
            "name": "openSUSE-SU-2020:1280",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
          },
          {
            "name": "openSUSE-SU-2020:1282",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
          },
          {
            "name": "[oss-security] 20210302 Multiple GRUB2 vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
          },
          {
            "name": "GLSA-202104-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202104-05"
          },
          {
            "name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
          },
          {
            "name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
          },
          {
            "name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "grub2 in Ubuntu",
          "vendor": "Ubuntu",
          "versions": [
            {
              "lessThan": "2.04-1ubuntu26.1",
              "status": "affected",
              "version": "20.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02-2ubuntu8.16",
              "status": "affected",
              "version": "18.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02~beta2-36ubuntu3.26",
              "status": "affected",
              "version": "16.04 LTS",
              "versionType": "custom"
            },
            {
              "lessThan": "2.02~beta2-9ubuntu1.20",
              "status": "affected",
              "version": "14.04 ESM",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Mathieu Trudel-Lapierre"
        }
      ],
      "datePublic": "2020-07-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347 Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-21T11:06:32.000Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/security/notices/USN-4432-1"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://www.suse.com/support/kb/doc/?id=000019673"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
        },
        {
          "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
        },
        {
          "name": "USN-4432-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4432-1/"
        },
        {
          "name": "openSUSE-SU-2020:1280",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
        },
        {
          "name": "openSUSE-SU-2020:1282",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
        },
        {
          "name": "[oss-security] 20210302 Multiple GRUB2 vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
        },
        {
          "name": "GLSA-202104-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202104-05"
        },
        {
          "name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
        },
        {
          "name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
        },
        {
          "name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
        }
      ],
      "source": {
        "advisory": "USN 4432-1",
        "defect": [
          "https://launchpad.net/bugs/1801968"
        ],
        "discovery": "INTERNAL"
      },
      "title": "GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2020-07-29T17:00:00.000Z",
          "ID": "CVE-2020-15705",
          "STATE": "PUBLIC",
          "TITLE": "GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "grub2 in Ubuntu",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "20.04 LTS",
                            "version_value": "2.04-1ubuntu26.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.04 LTS",
                            "version_value": "2.02-2ubuntu8.16"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "16.04 LTS",
                            "version_value": "2.02~beta2-36ubuntu3.26"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "14.04 ESM",
                            "version_value": "2.02~beta2-9ubuntu1.20"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ubuntu"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Mathieu Trudel-Lapierre"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-347 Improper Verification of Cryptographic Signature"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/",
              "refsource": "CONFIRM",
              "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
            },
            {
              "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass",
              "refsource": "UBUNTU",
              "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
            },
            {
              "name": "http://ubuntu.com/security/notices/USN-4432-1",
              "refsource": "UBUNTU",
              "url": "http://ubuntu.com/security/notices/USN-4432-1"
            },
            {
              "name": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
            },
            {
              "name": "https://access.redhat.com/security/vulnerabilities/grub2bootloader",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
            },
            {
              "name": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/",
              "refsource": "SUSE",
              "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
            },
            {
              "name": "https://www.suse.com/support/kb/doc/?id=000019673",
              "refsource": "SUSE",
              "url": "https://www.suse.com/support/kb/doc/?id=000019673"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/07/29/3",
              "refsource": "CONFIRM",
              "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
            },
            {
              "name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html",
              "refsource": "CONFIRM",
              "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
            },
            {
              "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200731-0008/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
            },
            {
              "name": "USN-4432-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4432-1/"
            },
            {
              "name": "openSUSE-SU-2020:1280",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
            },
            {
              "name": "openSUSE-SU-2020:1282",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
            },
            {
              "name": "[oss-security] 20210302 Multiple GRUB2 vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
            },
            {
              "name": "GLSA-202104-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202104-05"
            },
            {
              "name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
            },
            {
              "name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
            },
            {
              "name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
            }
          ]
        },
        "source": {
          "advisory": "USN 4432-1",
          "defect": [
            "https://launchpad.net/bugs/1801968"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2020-15705",
    "datePublished": "2020-07-29T17:45:33.422Z",
    "dateReserved": "2020-07-14T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:06:01.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15705

Vulnerability from fstec - Published: 29.07.2020

Title

Уязвимость реализации протокола безопасной загрузки Secure Boot загрузчика операционных систем Grub2, позволяющая нарушителю выполнить произвольный код и получить полный контроль над устройством

Description

Уязвимость реализации протокола безопасной загрузки Secure Boot загрузчика операционных систем Grub2 связана с некорректной проверкой криптографической подписи. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код и получить полный контроль над устройством

Severity ?


                    
                      AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Vendor

Microsoft Corp, Red Hat Inc., Canonical Ltd., Novell Inc., Сообщество свободного программного обеспечения, Erich Boleyn, ООО «Ред Софт», ФССП России

Software Name

Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, Windows 10 1607, Red Hat Enterprise Linux, Windows Server 2016, Windows RT 8.1, Windows Server 2012 R2 (Server Core installation), Windows Server 2016 (Server Core installation), Ubuntu, Windows 10 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), OpenSUSE Leap, Debian GNU/Linux, Grub2, Windows 10 20H2, Windows Server 20H2 (Server Core Installation), Windows 10 21H1, Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 11, РЕД ОС (запись в едином реестре российских программ №3751), ОС ТД АИС ФССП России, Windows Server 2012 (Server Core installation)

Software Version

- (Windows 8.1), - (Windows Server 2012), - (Windows Server 2012 R2), - (Windows 10), - (Windows 10 1607), 7 (Red Hat Enterprise Linux), - (Windows Server 2016), - (Windows RT 8.1), - (Windows Server 2012 R2 (Server Core installation)), - (Windows Server 2016 (Server Core installation)), 18.04 LTS (Ubuntu), - (Windows 10 1809), - (Windows Server 2019), - (Windows Server 2019 (Server Core installation)), 8 (Red Hat Enterprise Linux), 15.1 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 10 (Debian GNU/Linux), 7.6 Extended Update Support (Red Hat Enterprise Linux), 7.2 Advanced Update Support (Red Hat Enterprise Linux), 7.3 Advanced Update Support (Red Hat Enterprise Linux), 7.3 Telco Extended Update Support (Red Hat Enterprise Linux), 7.3 Update Services for SAP Solutions (Red Hat Enterprise Linux), 7.4 Telco Extended Update Support (Red Hat Enterprise Linux), 8.0 Update Services for SAP Solutions (Red Hat Enterprise Linux), 7.4 Advanced Update Support (Red Hat Enterprise Linux), 20.04 LTS (Ubuntu), 15.2 (OpenSUSE Leap), 8.1 Extended Update Support (Red Hat Enterprise Linux), 7.7 Extended Update Support (Red Hat Enterprise Linux), до 2.04 включительно (Grub2), - (Windows 10 20H2), - (Windows Server 20H2 (Server Core Installation)), 16.04 ESM (Ubuntu), - (Windows 10 21H1), 7.4 Update Services for SAP Solutions (Red Hat Enterprise Linux), - (Windows Server 2022), - (Windows Server 2022 (Server Core installation)), - (Windows 11), 7.3 (РЕД ОС), ИК6 (ОС ТД АИС ФССП России), - (Windows Server 2012 (Server Core installation))

Possible Mitigations

Использование рекомендаций: Для Grub2: https://git.savannah.gnu.org/gitweb/?p=grub.git&view=view+git+repository Для Ред ОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для Debian: https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/ Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2020-15705 Для программных продуктов Novell Inc.: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VHOMHHK6YNMLF2MBP6E2P2NPYVKF47G6/ https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/UGKES3MGRD44EG6DD3EOHLZZXMVRVSC3/ Для Ubuntu: https://ubuntu.com/security/notices/USN-4432-1 Для Microsoft Corp.: https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV200011 Для ОС ТД АИС ФССП России: https://goslinux.fssp.gov.ru/2726972/

Reference

https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-grub-/?sphrase_id=63279 https://git.savannah.gnu.org/gitweb/?p=grub.git&view=view+git+repository https://access.redhat.com/security/cve/cve-2020-15705 https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/ https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VHOMHHK6YNMLF2MBP6E2P2NPYVKF47G6/ https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/UGKES3MGRD44EG6DD3EOHLZZXMVRVSC3/ https://ubuntu.com/security/notices/USN-4432-1 http://www.openwall.com/lists/oss-security/2020/07/29/3 http://www.openwall.com/lists/oss-security/2021/03/02/3 http://www.openwall.com/lists/oss-security/2021/09/17/2 http://www.openwall.com/lists/oss-security/2021/09/17/4 http://www.openwall.com/lists/oss-security/2021/09/21/1 https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV200011 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass https://security.gentoo.org/glsa/202104-05 https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ https://nvd.nist.gov/vuln/detail/CVE-2020-15705 https://goslinux.fssp.gov.ru/2726972/

CWE

CWE-347, CWE-440

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp, Red Hat Inc., Canonical Ltd., Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Erich Boleyn, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Windows 8.1), - (Windows Server 2012), - (Windows Server 2012 R2), - (Windows 10), - (Windows 10 1607), 7 (Red Hat Enterprise Linux), - (Windows Server 2016), - (Windows RT 8.1), - (Windows Server 2012 R2 (Server Core installation)), - (Windows Server 2016 (Server Core installation)), 18.04 LTS (Ubuntu), - (Windows 10 1809), - (Windows Server 2019), - (Windows Server 2019 (Server Core installation)), 8 (Red Hat Enterprise Linux), 15.1 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 10 (Debian GNU/Linux), 7.6 Extended Update Support (Red Hat Enterprise Linux), 7.2 Advanced Update Support (Red Hat Enterprise Linux), 7.3 Advanced Update Support (Red Hat Enterprise Linux), 7.3 Telco Extended Update Support (Red Hat Enterprise Linux), 7.3 Update Services for SAP Solutions (Red Hat Enterprise Linux), 7.4 Telco Extended Update Support (Red Hat Enterprise Linux), 8.0 Update Services for SAP Solutions (Red Hat Enterprise Linux), 7.4 Advanced Update Support (Red Hat Enterprise Linux), 20.04 LTS (Ubuntu), 15.2 (OpenSUSE Leap), 8.1 Extended Update Support (Red Hat Enterprise Linux), 7.7 Extended Update Support (Red Hat Enterprise Linux), \u0434\u043e 2.04 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Grub2), - (Windows 10 20H2), - (Windows Server 20H2 (Server Core Installation)), 16.04 ESM (Ubuntu), - (Windows 10 21H1), 7.4 Update Services for SAP Solutions (Red Hat Enterprise Linux), - (Windows Server 2022), - (Windows Server 2022 (Server Core installation)), - (Windows 11), 7.3 (\u0420\u0415\u0414 \u041e\u0421), \u0418\u041a6 (\u041e\u0421 \u0422\u0414 \u0410\u0418\u0421 \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438), - (Windows Server 2012 (Server Core installation))",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Grub2:\nhttps://git.savannah.gnu.org/gitweb/?p=grub.git\u0026view=view+git+repository\n\n\u0414\u043b\u044f \u0420\u0435\u0434 \u041e\u0421:\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Debian:\nhttps://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2020-15705\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VHOMHHK6YNMLF2MBP6E2P2NPYVKF47G6/\nhttps://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/UGKES3MGRD44EG6DD3EOHLZZXMVRVSC3/\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-4432-1\n\n\u0414\u043b\u044f Microsoft Corp.:\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV200011\n\n\u0414\u043b\u044f \u041e\u0421 \u0422\u0414 \u0410\u0418\u0421 \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438: \nhttps://goslinux.fssp.gov.ru/2726972/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "29.07.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.09.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "23.09.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-05895",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-15705",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, Windows 10 1607, Red Hat Enterprise Linux, Windows Server 2016, Windows RT 8.1, Windows Server 2012 R2 (Server Core installation), Windows Server 2016 (Server Core installation), Ubuntu, Windows 10 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), OpenSUSE Leap, Debian GNU/Linux, Grub2, Windows 10 20H2, Windows Server 20H2 (Server Core Installation), Windows 10 21H1, Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 11, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u0421 \u0422\u0414 \u0410\u0418\u0421 \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438, Windows Server 2012 (Server Core installation)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Microsoft Corp Windows 8.1 - 64-bit, Microsoft Corp Windows 8.1 - 32-bit, Microsoft Corp Windows Server 2012 - , Microsoft Corp Windows Server 2012 R2 - , Microsoft Corp Windows 10 - 64-bit, Microsoft Corp Windows 10 - 32-bit, Microsoft Corp Windows 10 1607 - 64-bit, Microsoft Corp Windows 10 1607 - 32-bit, Red Hat Inc. Red Hat Enterprise Linux 7 , Microsoft Corp Windows Server 2016 - , Microsoft Corp Windows RT 8.1 - , Microsoft Corp Windows Server 2012 R2 (Server Core installation) - , Microsoft Corp Windows Server 2016 (Server Core installation) - , Canonical Ltd. Ubuntu 18.04 LTS , Microsoft Corp Windows 10 1809 - 64-bit, Microsoft Corp Windows 10 1809 - 32-bit, Microsoft Corp Windows Server 2019 - , Microsoft Corp Windows Server 2019 (Server Core installation) - , Microsoft Corp Windows 10 1809 - ARM64, Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. OpenSUSE Leap 15.1 , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Red Hat Inc. Red Hat Enterprise Linux 7.6 Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.2 Advanced Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.3 Advanced Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.3 Telco Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 7.4 Telco Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 7.4 Advanced Update Support , Canonical Ltd. Ubuntu 20.04 LTS , Novell Inc. OpenSUSE Leap 15.2 , Red Hat Inc. Red Hat Enterprise Linux 8.1 Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.7 Extended Update Support , Erich Boleyn Grub2 \u0434\u043e 2.04 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , Microsoft Corp Windows 10 20H2 - ARM64, Microsoft Corp Windows 10 20H2 - 32-bit, Microsoft Corp Windows 10 20H2 - 64-bit, Microsoft Corp Windows Server 20H2 (Server Core Installation) - , Canonical Ltd. Ubuntu 16.04 ESM , Microsoft Corp Windows 10 21H1 - 32-bit, Microsoft Corp Windows 10 21H1 - 64-bit, Microsoft Corp Windows 10 21H1 - ARM64, Red Hat Inc. Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions , Microsoft Corp Windows Server 2022 - , Microsoft Corp Windows Server 2022 (Server Core installation) - , Microsoft Corp Windows 11 - 64-bit, Microsoft Corp Windows 11 - ARM64, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438 \u041e\u0421 \u0422\u0414 \u0410\u0418\u0421 \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438 \u0418\u041a6 , Microsoft Corp Windows Server 2012 (Server Core installation) - ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 Secure Boot \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Grub2, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e\u043c",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 (CWE-347), \u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u043e\u0436\u0438\u0434\u0430\u0435\u043c\u043e\u0433\u043e \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f (CWE-440)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 Secure Boot \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Grub2 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e\u043c",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438, \u0417\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u043e\u043c",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-grub-/?sphrase_id=63279\nhttps://git.savannah.gnu.org/gitweb/?p=grub.git\u0026view=view+git+repository\nhttps://access.redhat.com/security/cve/cve-2020-15705\nhttps://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/\nhttps://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VHOMHHK6YNMLF2MBP6E2P2NPYVKF47G6/\nhttps://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/UGKES3MGRD44EG6DD3EOHLZZXMVRVSC3/\nhttps://ubuntu.com/security/notices/USN-4432-1\nhttp://www.openwall.com/lists/oss-security/2020/07/29/3 \nhttp://www.openwall.com/lists/oss-security/2021/03/02/3 \nhttp://www.openwall.com/lists/oss-security/2021/09/17/2 \nhttp://www.openwall.com/lists/oss-security/2021/09/17/4 \nhttp://www.openwall.com/lists/oss-security/2021/09/21/1\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV200011\nhttps://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass\nhttps://security.gentoo.org/glsa/202104-05\nhttps://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15705\nhttps://goslinux.fssp.gov.ru/2726972/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-347, CWE-440",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)"
}

CERTFR-2020-AVI-476

Vulnerability from certfr_avis - Published: 2020-07-30 - Updated: 2020-07-30

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 LTS
Ubuntu	Ubuntu	Ubuntu 18.04 LTS
Ubuntu	Ubuntu	Ubuntu 20.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.04 ESM

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-4432-1 du 29 juillet 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 16.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 20.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 14.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-15707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15707"
    },
    {
      "name": "CVE-2020-14311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14311"
    },
    {
      "name": "CVE-2020-14310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14310"
    },
    {
      "name": "CVE-2020-14308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14308"
    },
    {
      "name": "CVE-2020-10713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10713"
    },
    {
      "name": "CVE-2020-15706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15706"
    },
    {
      "name": "CVE-2020-15705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15705"
    },
    {
      "name": "CVE-2020-14309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14309"
    }
  ],
  "initial_release_date": "2020-07-30T00:00:00",
  "last_revision_date": "2020-07-30T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-476",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-07-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4432-1 du 29 juillet 2020",
      "url": "https://ubuntu.com/security/notices/USN-4432-1"
    }
  ]
}

CERTFR-2020-AVI-485

Vulnerability from certfr_avis - Published: 2020-08-05 - Updated: 2020-08-05

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 LTS
Ubuntu	Ubuntu	Ubuntu 18.04 LTS
Ubuntu	Ubuntu	Ubuntu 20.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.04 ESM

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-4432-2 du 04 août 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 16.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 20.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 14.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-15707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15707"
    },
    {
      "name": "CVE-2020-14311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14311"
    },
    {
      "name": "CVE-2020-14310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14310"
    },
    {
      "name": "CVE-2020-14308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14308"
    },
    {
      "name": "CVE-2020-10713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10713"
    },
    {
      "name": "CVE-2020-15706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15706"
    },
    {
      "name": "CVE-2020-15705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15705"
    },
    {
      "name": "CVE-2020-14309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14309"
    }
  ],
  "initial_release_date": "2020-08-05T00:00:00",
  "last_revision_date": "2020-08-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-485",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-08-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4432-2 du 04 ao\u00fbt 2020",
      "url": "https://ubuntu.com/security/notices/USN-4432-2"
    }
  ]
}

CERTFR-2020-AVI-477

Vulnerability from certfr_avis - Published: 2020-07-30 - Updated: 2020-07-31

GRUB2 est le bootloader le plus couramment utilisé par les distributions Linux pour démarrer le système d'exploitation.

De multiples vulnérabilités ont été découvertes dans GRUB2. Elles permettent à un attaquant, ayant la possibilité de modifier le fichier de configuration grub.cfg ou de manipuler d'autres ressources utilisées par GRUB2, de provoquer une exécution de code arbitraire.

Pour y parvenir, l'attaquant doit avoir les droits administrateurs ou avoir un accès physique à un équipement afin de manipuler la séquence de démarrage (via un support amovible ou via la modification du disque de boot de la machine). Ces méthodes permettent donc de compromettre une machine même si celle-ci n'a pas Linux d'installé à l'origine.

En agissant ainsi sur une machine configurée avec Secure Boot, l'attaquant est alors en capacité de rompre la chaîne de confiance et de déployer du code malveillant pour compromettre la machine de façon persistante sans être détecté.

Solution

Les machines utilisant GRUB2 doivent appliquer les mises à jour publiées par les éditeurs de distribution Linux.

Afin de rétablir la chaîne de confiance Secure Boot, toutes les machines configurées avec Secure Boot devront être mises à jour pour interdire l'utilisation des versions GRUB2 vulnérables. Cette étape consiste à actualiser les fichiers DB et DBX qui référencent respectivement les bootloaders de confiance et les bootloaders révoqués par Secure Boot :

soit en appliquant les mesures préconisées par Microsoft pour les machines installées avec un système d'exploitation Windows
soit en appliquant les mesures préconisées par l'éditeur de la distribution Linux lorsque celui propose une mise à jour de Secure Boot
soit en appliquant une mise à jour de BIOS publiée par le constructeur de l'équipement

Cette mise à jour de DBX doit donc être réalisée après avoir mis à jour GRUB2 sur les machines pour ne pas risque un blocage au moment du démarrage.

Le CERT-FR recommande donc fortement de se référer aux différentes publications des éditeurs disponibles à ce jour (cf. références documentaires) afin de déterminer le plan d'actions adapté à chaque configuration.

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Toute machine configurée avec Secure Boot pour sécuriser la séquence de démarrage de son système d'exploitation

References

Title

Publication Time

Tags

Avis de sécurité HP du 27 juillet 2020	None	vendor-advisory
Avis de sécurité SUSE du 29 juillet 2020	None	vendor-advisory
Avis de sécurité Microsoft du 29 juillet 2020	None	vendor-advisory
Publication de la société Eclypsium du 29 juillet 2020	None	vendor-advisory
Avis de sécurité Debian du 30 juillet 2020	None	vendor-advisory
Avis de sécurité VMware du 29 juillet 2020	None	vendor-advisory
Avis de sécurité HPE du 29 juillet 2020	None	vendor-advisory
Avis de sécurité Ubuntu du 30 juillet 2020	None	vendor-advisory
Avis de sécurité Red Hat du 29 juillet 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Toute machine configur\u00e9e avec Secure Boot pour s\u00e9curiser la s\u00e9quence de d\u00e9marrage de son syst\u00e8me d\u0027exploitation",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nLes machines utilisant GRUB2 doivent appliquer les mises \u00e0 jour publi\u00e9es\npar les \u00e9diteurs de distribution Linux.\n\nAfin de r\u00e9tablir la cha\u00eene de confiance Secure Boot, toutes les machines\nconfigur\u00e9es avec Secure Boot devront \u00eatre mises \u00e0 jour pour interdire\nl\u0027utilisation des versions GRUB2 vuln\u00e9rables. Cette \u00e9tape consiste \u00e0\nactualiser les fichiers DB et DBX qui r\u00e9f\u00e9rencent respectivement les\nbootloaders de confiance et les bootloaders r\u00e9voqu\u00e9s par Secure Boot :\n\n-   soit en appliquant les mesures pr\u00e9conis\u00e9es par Microsoft pour les\n    machines install\u00e9es avec un syst\u00e8me d\u0027exploitation Windows\n-   soit en appliquant les mesures pr\u00e9conis\u00e9es par l\u0027\u00e9diteur de la\n    distribution Linux lorsque celui propose une mise \u00e0 jour de Secure\n    Boot\n-   soit en appliquant une mise \u00e0 jour de BIOS publi\u00e9e par le\n    constructeur de l\u0027\u00e9quipement\n\nCette mise \u00e0 jour de DBX doit donc \u00eatre r\u00e9alis\u00e9e apr\u00e8s avoir mis \u00e0 jour\nGRUB2 sur les machines pour ne pas risque un blocage au moment du\nd\u00e9marrage.\n\n**Le CERT-FR recommande donc fortement de se r\u00e9f\u00e9rer aux diff\u00e9rentes\npublications des \u00e9diteurs disponibles \u00e0 ce jour (cf. r\u00e9f\u00e9rences\ndocumentaires) afin de d\u00e9terminer le plan d\u0027actions adapt\u00e9 \u00e0 chaque\nconfiguration.**\n\n\u00a0\n",
  "cves": [
    {
      "name": "CVE-2020-15707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15707"
    },
    {
      "name": "CVE-2020-14311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14311"
    },
    {
      "name": "CVE-2020-14310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14310"
    },
    {
      "name": "CVE-2020-14308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14308"
    },
    {
      "name": "CVE-2020-10713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10713"
    },
    {
      "name": "CVE-2020-15706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15706"
    },
    {
      "name": "CVE-2020-15705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15705"
    },
    {
      "name": "CVE-2020-14309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14309"
    }
  ],
  "initial_release_date": "2020-07-30T00:00:00",
  "last_revision_date": "2020-07-31T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-477",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-07-30T00:00:00.000000"
    },
    {
      "description": "ajout d\u0027un lien vers l\u0027avis Microsoft",
      "revision_date": "2020-07-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "GRUB2 est le bootloader le plus couramment utilis\u00e9 par les distributions\nLinux pour d\u00e9marrer le syst\u00e8me d\u0027exploitation.\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GRUB2. Elles\npermettent \u00e0 un attaquant, ayant la possibilit\u00e9 de modifier le fichier\nde configuration grub.cfg ou de manipuler d\u0027autres ressources utilis\u00e9es\npar GRUB2, de provoquer une ex\u00e9cution de code arbitraire.\n\nPour y parvenir, l\u0027attaquant doit avoir les droits administrateurs ou\navoir un acc\u00e8s physique \u00e0 un \u00e9quipement afin de manipuler la s\u00e9quence de\nd\u00e9marrage (via un support amovible ou via la modification du disque de\nboot de la machine). Ces m\u00e9thodes permettent donc de compromettre une\nmachine m\u00eame si celle-ci n\u0027a pas Linux d\u0027install\u00e9 \u00e0 l\u0027origine.\n\nEn agissant ainsi sur une machine configur\u00e9e avec Secure Boot,\nl\u0027attaquant est alors en capacit\u00e9 de rompre la cha\u00eene de confiance et de\nd\u00e9ployer du code malveillant pour compromettre la machine de fa\u00e7on\npersistante sans \u00eatre d\u00e9tect\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Grub2",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 HP du 27 juillet 2020",
      "url": "https://support.hp.com/us-en/document/c06707446"
    },
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 SUSE du 29 juillet 2020",
      "url": "https://www.suse.com/support/kb/doc/?id=000019673"
    },
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Microsoft du 29 juillet 2020",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
    },
    {
      "published_at": null,
      "title": "Publication de la soci\u00e9t\u00e9 Eclypsium du 29 juillet 2020",
      "url": "https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
    },
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Debian du 30 juillet 2020",
      "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/"
    },
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 VMware du 29 juillet 2020",
      "url": "https://kb.vmware.com/s/article/80181"
    },
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 HPE du 29 juillet 2020",
      "url": "https://techhub.hpe.com/eginfolib/securityalerts/Boot_Hole/boot_hole.html"
    },
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Ubuntu du 30 juillet 2020",
      "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
    },
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Red Hat du 29 juillet 2020",
      "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
    }
  ]
}

CERTFR-2022-AVI-267

Vulnerability from certfr_avis - Published: 2022-03-23 - Updated: 2022-03-23

De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Juniper Networks	Junos Space	Juniper Networks Junos Space versions antérieures à 21.1R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA11176 du 22 mars 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Networks Junos Space versions ant\u00e9rieures \u00e0 21.1R1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-13078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
    },
    {
      "name": "CVE-2017-13077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
    },
    {
      "name": "CVE-2017-13080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
    },
    {
      "name": "CVE-2017-13082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13082"
    },
    {
      "name": "CVE-2017-13088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13088"
    },
    {
      "name": "CVE-2017-13086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13086"
    },
    {
      "name": "CVE-2017-13087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13087"
    },
    {
      "name": "CVE-2017-5715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
    },
    {
      "name": "CVE-2018-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
    },
    {
      "name": "CVE-2007-1351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1351"
    },
    {
      "name": "CVE-2007-1352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1352"
    },
    {
      "name": "CVE-2007-6284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6284"
    },
    {
      "name": "CVE-2008-2935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2935"
    },
    {
      "name": "CVE-2008-3281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
    },
    {
      "name": "CVE-2008-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
    },
    {
      "name": "CVE-2008-4226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
    },
    {
      "name": "CVE-2008-4225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2008-5161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
    },
    {
      "name": "CVE-2010-4008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
    },
    {
      "name": "CVE-2011-0411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
    },
    {
      "name": "CVE-2011-1720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
    },
    {
      "name": "CVE-2011-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
    },
    {
      "name": "CVE-2011-2834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
    },
    {
      "name": "CVE-2011-2895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2895"
    },
    {
      "name": "CVE-2011-3905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
    },
    {
      "name": "CVE-2011-3919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
    },
    {
      "name": "CVE-2012-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
    },
    {
      "name": "CVE-2011-1944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
    },
    {
      "name": "CVE-2012-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
    },
    {
      "name": "CVE-2012-2870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
    },
    {
      "name": "CVE-2012-5134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
    },
    {
      "name": "CVE-2011-3102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
    },
    {
      "name": "CVE-2013-2877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2877"
    },
    {
      "name": "CVE-2013-0338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0338"
    },
    {
      "name": "CVE-2012-6139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
    },
    {
      "name": "CVE-2013-2566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
    },
    {
      "name": "CVE-2013-6462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6462"
    },
    {
      "name": "CVE-2014-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0211"
    },
    {
      "name": "CVE-2014-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
    },
    {
      "name": "CVE-2015-1803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1803"
    },
    {
      "name": "CVE-2015-1804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1804"
    },
    {
      "name": "CVE-2015-1802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1802"
    },
    {
      "name": "CVE-2015-2716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
    },
    {
      "name": "CVE-2015-5352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
    },
    {
      "name": "CVE-2015-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
    },
    {
      "name": "CVE-2014-8991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8991"
    },
    {
      "name": "CVE-2014-7185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7185"
    },
    {
      "name": "CVE-2014-9365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9365"
    },
    {
      "name": "CVE-2015-6838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6838"
    },
    {
      "name": "CVE-2015-6837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6837"
    },
    {
      "name": "CVE-2015-7995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
    },
    {
      "name": "CVE-2015-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
    },
    {
      "name": "CVE-2015-7499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
    },
    {
      "name": "CVE-2015-8242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
    },
    {
      "name": "CVE-2015-7500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
    },
    {
      "name": "CVE-2016-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
    },
    {
      "name": "CVE-2015-5312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
    },
    {
      "name": "CVE-2016-1839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
    },
    {
      "name": "CVE-2016-1833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
    },
    {
      "name": "CVE-2016-1837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
    },
    {
      "name": "CVE-2016-1834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
    },
    {
      "name": "CVE-2016-1840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
    },
    {
      "name": "CVE-2016-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
    },
    {
      "name": "CVE-2016-1838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
    },
    {
      "name": "CVE-2016-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
    },
    {
      "name": "CVE-2016-1683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
    },
    {
      "name": "CVE-2016-4448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
    },
    {
      "name": "CVE-2016-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
    },
    {
      "name": "CVE-2016-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
    },
    {
      "name": "CVE-2016-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
    },
    {
      "name": "CVE-2015-0975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0975"
    },
    {
      "name": "CVE-2016-4658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
    },
    {
      "name": "CVE-2016-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
    },
    {
      "name": "CVE-2016-3627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
    },
    {
      "name": "CVE-2016-3115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3115"
    },
    {
      "name": "CVE-2016-5636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5636"
    },
    {
      "name": "CVE-2017-7375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
    },
    {
      "name": "CVE-2017-7376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
    },
    {
      "name": "CVE-2017-7773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7773"
    },
    {
      "name": "CVE-2017-7772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7772"
    },
    {
      "name": "CVE-2017-7778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7778"
    },
    {
      "name": "CVE-2017-7771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7771"
    },
    {
      "name": "CVE-2017-7774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7774"
    },
    {
      "name": "CVE-2017-7776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7776"
    },
    {
      "name": "CVE-2017-7777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7777"
    },
    {
      "name": "CVE-2017-7775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7775"
    },
    {
      "name": "CVE-2017-6463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6463"
    },
    {
      "name": "CVE-2017-6462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6462"
    },
    {
      "name": "CVE-2017-6464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6464"
    },
    {
      "name": "CVE-2017-14492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14492"
    },
    {
      "name": "CVE-2017-14496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14496"
    },
    {
      "name": "CVE-2017-14491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
    },
    {
      "name": "CVE-2017-14493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14493"
    },
    {
      "name": "CVE-2017-14494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14494"
    },
    {
      "name": "CVE-2017-14495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14495"
    },
    {
      "name": "CVE-2017-5130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5130"
    },
    {
      "name": "CVE-2017-3736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2017-15412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
    },
    {
      "name": "CVE-2017-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
    },
    {
      "name": "CVE-2017-3737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
    },
    {
      "name": "CVE-2017-17807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17807"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2017-16931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
    },
    {
      "name": "CVE-2018-11214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
    },
    {
      "name": "CVE-2015-9019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
    },
    {
      "name": "CVE-2017-18258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
    },
    {
      "name": "CVE-2017-16932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
    },
    {
      "name": "CVE-2016-9318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
    },
    {
      "name": "CVE-2018-1000120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
    },
    {
      "name": "CVE-2018-1000007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007"
    },
    {
      "name": "CVE-2018-1000121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000121"
    },
    {
      "name": "CVE-2018-1000122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
    },
    {
      "name": "CVE-2018-0732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
    },
    {
      "name": "CVE-2018-6914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6914"
    },
    {
      "name": "CVE-2017-0898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
    },
    {
      "name": "CVE-2018-8778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8778"
    },
    {
      "name": "CVE-2017-14033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
    },
    {
      "name": "CVE-2018-8780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
    },
    {
      "name": "CVE-2017-17742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17742"
    },
    {
      "name": "CVE-2017-10784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
    },
    {
      "name": "CVE-2017-17405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
    },
    {
      "name": "CVE-2018-8779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8779"
    },
    {
      "name": "CVE-2017-14064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
    },
    {
      "name": "CVE-2018-8777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8777"
    },
    {
      "name": "CVE-2018-16395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
    },
    {
      "name": "CVE-2018-0737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
    },
    {
      "name": "CVE-2018-16396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
    },
    {
      "name": "CVE-2018-0495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
    },
    {
      "name": "CVE-2018-0734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
    },
    {
      "name": "CVE-2018-5407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
    },
    {
      "name": "CVE-2018-1126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
    },
    {
      "name": "CVE-2018-7858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
    },
    {
      "name": "CVE-2018-1124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
    },
    {
      "name": "CVE-2018-10897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
    },
    {
      "name": "CVE-2018-1064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
    },
    {
      "name": "CVE-2018-5683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
    },
    {
      "name": "CVE-2017-13672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
    },
    {
      "name": "CVE-2018-11212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11212"
    },
    {
      "name": "CVE-2017-18267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18267"
    },
    {
      "name": "CVE-2018-13988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13988"
    },
    {
      "name": "CVE-2018-20169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
    },
    {
      "name": "CVE-2018-19985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
    },
    {
      "name": "CVE-2019-1559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
    },
    {
      "name": "CVE-2019-6133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6133"
    },
    {
      "name": "CVE-2018-18311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18311"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2019-9503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
    },
    {
      "name": "CVE-2019-10132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10132"
    },
    {
      "name": "CVE-2019-11190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11190"
    },
    {
      "name": "CVE-2019-11884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11884"
    },
    {
      "name": "CVE-2019-11487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11487"
    },
    {
      "name": "CVE-2019-12382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12382"
    },
    {
      "name": "CVE-2018-7191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7191"
    },
    {
      "name": "CVE-2019-5953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5953"
    },
    {
      "name": "CVE-2019-12614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12614"
    },
    {
      "name": "CVE-2019-11729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
    },
    {
      "name": "CVE-2019-11727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
    },
    {
      "name": "CVE-2019-11719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
    },
    {
      "name": "CVE-2018-1060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1060"
    },
    {
      "name": "CVE-2018-12327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12327"
    },
    {
      "name": "CVE-2018-1061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1061"
    },
    {
      "name": "CVE-2019-10639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10639"
    },
    {
      "name": "CVE-2019-10638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10638"
    },
    {
      "name": "CVE-2018-20836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20836"
    },
    {
      "name": "CVE-2019-13233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13233"
    },
    {
      "name": "CVE-2019-14283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14283"
    },
    {
      "name": "CVE-2019-13648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13648"
    },
    {
      "name": "CVE-2019-10207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10207"
    },
    {
      "name": "CVE-2015-9289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9289"
    },
    {
      "name": "CVE-2019-14816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14816"
    },
    {
      "name": "CVE-2019-15239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15239"
    },
    {
      "name": "CVE-2019-15917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15917"
    },
    {
      "name": "CVE-2017-18551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18551"
    },
    {
      "name": "CVE-2019-15217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15217"
    },
    {
      "name": "CVE-2019-14821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14821"
    },
    {
      "name": "CVE-2019-11068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
    },
    {
      "name": "CVE-2018-18066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18066"
    },
    {
      "name": "CVE-2019-15903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
    },
    {
      "name": "CVE-2019-17666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17666"
    },
    {
      "name": "CVE-2019-17133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17133"
    },
    {
      "name": "CVE-2018-12207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
    },
    {
      "name": "CVE-2019-11135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
    },
    {
      "name": "CVE-2019-0154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0154"
    },
    {
      "name": "CVE-2019-17055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17055"
    },
    {
      "name": "CVE-2019-17053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17053"
    },
    {
      "name": "CVE-2019-16746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
    },
    {
      "name": "CVE-2019-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0155"
    },
    {
      "name": "CVE-2019-16233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16233"
    },
    {
      "name": "CVE-2019-15807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15807"
    },
    {
      "name": "CVE-2019-16231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16231"
    },
    {
      "name": "CVE-2019-11756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
    },
    {
      "name": "CVE-2019-11745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
    },
    {
      "name": "CVE-2019-19058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19058"
    },
    {
      "name": "CVE-2019-14895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
    },
    {
      "name": "CVE-2019-19046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19046"
    },
    {
      "name": "CVE-2019-15916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15916"
    },
    {
      "name": "CVE-2019-18660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18660"
    },
    {
      "name": "CVE-2019-19063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19063"
    },
    {
      "name": "CVE-2019-19062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19062"
    },
    {
      "name": "CVE-2018-14526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14526"
    },
    {
      "name": "CVE-2019-13734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13734"
    },
    {
      "name": "CVE-2019-19530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19530"
    },
    {
      "name": "CVE-2019-19534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19534"
    },
    {
      "name": "CVE-2019-19524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19524"
    },
    {
      "name": "CVE-2019-14901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14901"
    },
    {
      "name": "CVE-2019-19537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19537"
    },
    {
      "name": "CVE-2019-19523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19523"
    },
    {
      "name": "CVE-2019-19338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19338"
    },
    {
      "name": "CVE-2019-19332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19332"
    },
    {
      "name": "CVE-2019-19527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19527"
    },
    {
      "name": "CVE-2019-18808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
    },
    {
      "name": "CVE-2019-19767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
    },
    {
      "name": "CVE-2019-19807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19807"
    },
    {
      "name": "CVE-2019-19055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19055"
    },
    {
      "name": "CVE-2019-17023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
    },
    {
      "name": "CVE-2019-9824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
    },
    {
      "name": "CVE-2019-9636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
    },
    {
      "name": "CVE-2019-12749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
    },
    {
      "name": "CVE-2019-19447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
    },
    {
      "name": "CVE-2019-20095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20095"
    },
    {
      "name": "CVE-2019-20054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20054"
    },
    {
      "name": "CVE-2019-18634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18634"
    },
    {
      "name": "CVE-2019-14898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14898"
    },
    {
      "name": "CVE-2019-16994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16994"
    },
    {
      "name": "CVE-2019-18282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
    },
    {
      "name": "CVE-2020-2732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
    },
    {
      "name": "CVE-2019-19059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19059"
    },
    {
      "name": "CVE-2019-3901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3901"
    },
    {
      "name": "CVE-2020-9383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9383"
    },
    {
      "name": "CVE-2020-8647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
    },
    {
      "name": "CVE-2020-8649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
    },
    {
      "name": "CVE-2020-1749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
    },
    {
      "name": "CVE-2019-9458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
    },
    {
      "name": "CVE-2020-10942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10942"
    },
    {
      "name": "CVE-2019-9454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9454"
    },
    {
      "name": "CVE-2020-11565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11565"
    },
    {
      "name": "CVE-2020-10690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10690"
    },
    {
      "name": "CVE-2020-10751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10751"
    },
    {
      "name": "CVE-2020-12826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12826"
    },
    {
      "name": "CVE-2020-12654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12654"
    },
    {
      "name": "CVE-2020-10732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10732"
    },
    {
      "name": "CVE-2019-20636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20636"
    },
    {
      "name": "CVE-2019-20811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
    },
    {
      "name": "CVE-2020-12653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12653"
    },
    {
      "name": "CVE-2020-10757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10757"
    },
    {
      "name": "CVE-2020-12770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12770"
    },
    {
      "name": "CVE-2020-12888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12888"
    },
    {
      "name": "CVE-2020-12402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
    },
    {
      "name": "CVE-2018-16881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
    },
    {
      "name": "CVE-2018-19519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19519"
    },
    {
      "name": "CVE-2020-10713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10713"
    },
    {
      "name": "CVE-2020-14311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14311"
    },
    {
      "name": "CVE-2020-14309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14309"
    },
    {
      "name": "CVE-2020-15706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15706"
    },
    {
      "name": "CVE-2020-14308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14308"
    },
    {
      "name": "CVE-2020-14310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14310"
    },
    {
      "name": "CVE-2020-15705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15705"
    },
    {
      "name": "CVE-2020-15707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15707"
    },
    {
      "name": "CVE-2020-14331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
    },
    {
      "name": "CVE-2020-10769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
    },
    {
      "name": "CVE-2020-14364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14364"
    },
    {
      "name": "CVE-2020-12400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
    },
    {
      "name": "CVE-2020-12401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
    },
    {
      "name": "CVE-2020-6829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
    },
    {
      "name": "CVE-2020-14314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
    },
    {
      "name": "CVE-2020-24394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
    },
    {
      "name": "CVE-2020-25212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
    },
    {
      "name": "CVE-2020-14305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
    },
    {
      "name": "CVE-2020-10742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10742"
    },
    {
      "name": "CVE-2020-14385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
    },
    {
      "name": "CVE-2020-25643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
    },
    {
      "name": "CVE-2020-15999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
    },
    {
      "name": "CVE-2018-20843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
    },
    {
      "name": "CVE-2018-5729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5729"
    },
    {
      "name": "CVE-2018-5730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5730"
    },
    {
      "name": "CVE-2020-13817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13817"
    },
    {
      "name": "CVE-2020-11868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11868"
    },
    {
      "name": "CVE-2021-3156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
    },
    {
      "name": "CVE-2019-17006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
    },
    {
      "name": "CVE-2019-13232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
    },
    {
      "name": "CVE-2020-10531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10531"
    },
    {
      "name": "CVE-2019-8696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
    },
    {
      "name": "CVE-2019-20907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
    },
    {
      "name": "CVE-2019-8675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
    },
    {
      "name": "CVE-2017-12652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
    },
    {
      "name": "CVE-2019-12450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12450"
    },
    {
      "name": "CVE-2020-12825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12825"
    },
    {
      "name": "CVE-2020-12243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12243"
    },
    {
      "name": "CVE-2019-14866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14866"
    },
    {
      "name": "CVE-2020-1983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1983"
    },
    {
      "name": "CVE-2019-5188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5188"
    },
    {
      "name": "CVE-2019-5094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5094"
    },
    {
      "name": "CVE-2020-10754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10754"
    },
    {
      "name": "CVE-2020-12049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
    },
    {
      "name": "CVE-2019-14822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14822"
    },
    {
      "name": "CVE-2020-14363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
    },
    {
      "name": "CVE-2019-9924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
    },
    {
      "name": "CVE-2018-18751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18751"
    },
    {
      "name": "CVE-2019-9948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
    },
    {
      "name": "CVE-2019-20386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20386"
    },
    {
      "name": "CVE-2017-13722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13722"
    },
    {
      "name": "CVE-2014-0210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0210"
    },
    {
      "name": "CVE-2018-16403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16403"
    },
    {
      "name": "CVE-2018-15746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15746"
    },
    {
      "name": "CVE-2014-6272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
    },
    {
      "name": "CVE-2019-7638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7638"
    },
    {
      "name": "CVE-2015-8241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8241"
    },
    {
      "name": "CVE-2019-10155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10155"
    },
    {
      "name": "CVE-2018-11813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11813"
    },
    {
      "name": "CVE-2018-18310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18310"
    },
    {
      "name": "CVE-2018-1084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1084"
    },
    {
      "name": "CVE-2020-12662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12662"
    },
    {
      "name": "CVE-2012-4423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4423"
    },
    {
      "name": "CVE-2017-0902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0902"
    },
    {
      "name": "CVE-2018-8945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8945"
    },
    {
      "name": "CVE-2017-0899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0899"
    },
    {
      "name": "CVE-2010-2239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2239"
    },
    {
      "name": "CVE-2010-2242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2242"
    },
    {
      "name": "CVE-2017-14167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14167"
    },
    {
      "name": "CVE-2015-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0225"
    },
    {
      "name": "CVE-2019-11324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11324"
    },
    {
      "name": "CVE-2013-6458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6458"
    },
    {
      "name": "CVE-2018-1000075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075"
    },
    {
      "name": "CVE-2018-15857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15857"
    },
    {
      "name": "CVE-2018-16062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16062"
    },
    {
      "name": "CVE-2018-10534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10534"
    },
    {
      "name": "CVE-2014-0179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0179"
    },
    {
      "name": "CVE-2018-18384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
    },
    {
      "name": "CVE-2013-1766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1766"
    },
    {
      "name": "CVE-2016-6580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6580"
    },
    {
      "name": "CVE-2018-12697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12697"
    },
    {
      "name": "CVE-2018-1000301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000301"
    },
    {
      "name": "CVE-2019-11236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
    },
    {
      "name": "CVE-2019-12155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12155"
    },
    {
      "name": "CVE-2017-0900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0900"
    },
    {
      "name": "CVE-2014-3598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3598"
    },
    {
      "name": "CVE-2017-1000050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000050"
    },
    {
      "name": "CVE-2018-10535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10535"
    },
    {
      "name": "CVE-2019-3820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3820"
    },
    {
      "name": "CVE-2018-16402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16402"
    },
    {
      "name": "CVE-2018-1116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1116"
    },
    {
      "name": "CVE-2018-15853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15853"
    },
    {
      "name": "CVE-2019-14378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14378"
    },
    {
      "name": "CVE-2016-1494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1494"
    },
    {
      "name": "CVE-2019-12312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12312"
    },
    {
      "name": "CVE-2013-0339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0339"
    },
    {
      "name": "CVE-2019-16935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16935"
    },
    {
      "name": "CVE-2015-6525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
    },
    {
      "name": "CVE-2016-6581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6581"
    },
    {
      "name": "CVE-2013-4520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4520"
    },
    {
      "name": "CVE-2014-3633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3633"
    },
    {
      "name": "CVE-2014-3004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3004"
    },
    {
      "name": "CVE-2015-9381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9381"
    },
    {
      "name": "CVE-2016-5361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5361"
    },
    {
      "name": "CVE-2018-14598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14598"
    },
    {
      "name": "CVE-2014-1447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1447"
    },
    {
      "name": "CVE-2018-20852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
    },
    {
      "name": "CVE-2012-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2693"
    },
    {
      "name": "CVE-2018-7208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7208"
    },
    {
      "name": "CVE-2018-12910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12910"
    },
    {
      "name": "CVE-2019-8325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8325"
    },
    {
      "name": "CVE-2015-7497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7497"
    },
    {
      "name": "CVE-2019-7665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7665"
    },
    {
      "name": "CVE-2018-15854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15854"
    },
    {
      "name": "CVE-2019-13404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13404"
    },
    {
      "name": "CVE-2015-5160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5160"
    },
    {
      "name": "CVE-2018-10767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10767"
    },
    {
      "name": "CVE-2018-7550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7550"
    },
    {
      "name": "CVE-2016-3076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3076"
    },
    {
      "name": "CVE-2018-14404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
    },
    {
      "name": "CVE-2018-18521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18521"
    },
    {
      "name": "CVE-2018-19788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19788"
    },
    {
      "name": "CVE-2019-8322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8322"
    },
    {
      "name": "CVE-2019-3840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3840"
    },
    {
      "name": "CVE-2016-9189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9189"
    },
    {
      "name": "CVE-2015-9262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
    },
    {
      "name": "CVE-2018-14647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14647"
    },
    {
      "name": "CVE-2019-17041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
    },
    {
      "name": "CVE-2019-14906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14906"
    },
    {
      "name": "CVE-2018-1000073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073"
    },
    {
      "name": "CVE-2019-9947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
    },
    {
      "name": "CVE-2017-1000158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
    },
    {
      "name": "CVE-2019-7635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7635"
    },
    {
      "name": "CVE-2019-7576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7576"
    },
    {
      "name": "CVE-2019-14834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14834"
    },
    {
      "name": "CVE-2018-15855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15855"
    },
    {
      "name": "CVE-2019-7149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7149"
    },
    {
      "name": "CVE-2018-7642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7642"
    },
    {
      "name": "CVE-2019-5010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5010"
    },
    {
      "name": "CVE-2018-12641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12641"
    },
    {
      "name": "CVE-2021-3396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3396"
    },
    {
      "name": "CVE-2020-12403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
    },
    {
      "name": "CVE-2017-15268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15268"
    },
    {
      "name": "CVE-2018-15587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15587"
    },
    {
      "name": "CVE-2016-10746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10746"
    },
    {
      "name": "CVE-2017-13711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13711"
    },
    {
      "name": "CVE-2014-8131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8131"
    },
    {
      "name": "CVE-2014-9601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9601"
    },
    {
      "name": "CVE-2014-3657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3657"
    },
    {
      "name": "CVE-2018-10373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10373"
    },
    {
      "name": "CVE-2017-17790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17790"
    },
    {
      "name": "CVE-2011-2511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2511"
    },
    {
      "name": "CVE-2018-1000802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000802"
    },
    {
      "name": "CVE-2017-7555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7555"
    },
    {
      "name": "CVE-2016-9015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9015"
    },
    {
      "name": "CVE-2017-13720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13720"
    },
    {
      "name": "CVE-2018-11782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11782"
    },
    {
      "name": "CVE-2017-11671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11671"
    },
    {
      "name": "CVE-2017-10664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10664"
    },
    {
      "name": "CVE-2018-11213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11213"
    },
    {
      "name": "CVE-2013-6457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6457"
    },
    {
      "name": "CVE-2019-10138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10138"
    },
    {
      "name": "CVE-2019-7578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7578"
    },
    {
      "name": "CVE-2020-7039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7039"
    },
    {
      "name": "CVE-2017-11368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11368"
    },
    {
      "name": "CVE-2018-0494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0494"
    },
    {
      "name": "CVE-2019-20485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20485"
    },
    {
      "name": "CVE-2003-1418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-1418"
    },
    {
      "name": "CVE-2017-15289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15289"
    },
    {
      "name": "CVE-2016-5391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5391"
    },
    {
      "name": "CVE-2017-2810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2810"
    },
    {
      "name": "CVE-2018-15864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15864"
    },
    {
      "name": "CVE-2017-18207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18207"
    },
    {
      "name": "CVE-2019-12761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12761"
    },
    {
      "name": "CVE-2013-5651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5651"
    },
    {
      "name": "CVE-2017-17522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17522"
    },
    {
      "name": "CVE-2019-20382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20382"
    },
    {
      "name": "CVE-2016-2533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2533"
    },
    {
      "name": "CVE-2019-14287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14287"
    },
    {
      "name": "CVE-2018-18520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18520"
    },
    {
      "name": "CVE-2019-9740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
    },
    {
      "name": "CVE-2019-7575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7575"
    },
    {
      "name": "CVE-2015-5652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5652"
    },
    {
      "name": "CVE-2019-7572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7572"
    },
    {
      "name": "CVE-2017-6519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
    },
    {
      "name": "CVE-2018-10906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10906"
    },
    {
      "name": "CVE-2018-15863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15863"
    },
    {
      "name": "CVE-2018-15862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15862"
    },
    {
      "name": "CVE-2018-1000079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079"
    },
    {
      "name": "CVE-2019-7664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7664"
    },
    {
      "name": "CVE-2017-5992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5992"
    },
    {
      "name": "CVE-2019-16865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16865"
    },
    {
      "name": "CVE-2019-8324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8324"
    },
    {
      "name": "CVE-2018-1000076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076"
    },
    {
      "name": "CVE-2018-1000030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000030"
    },
    {
      "name": "CVE-2018-1000074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074"
    },
    {
      "name": "CVE-2017-0901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0901"
    },
    {
      "name": "CVE-2018-7568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7568"
    },
    {
      "name": "CVE-2016-0775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0775"
    },
    {
      "name": "CVE-2018-15688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15688"
    },
    {
      "name": "CVE-2018-14599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14599"
    },
    {
      "name": "CVE-2018-10733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10733"
    },
    {
      "name": "CVE-2016-9396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9396"
    },
    {
      "name": "CVE-2019-10160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10160"
    },
    {
      "name": "CVE-2017-7562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7562"
    },
    {
      "name": "CVE-2016-1000032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000032"
    },
    {
      "name": "CVE-2017-15124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15124"
    },
    {
      "name": "CVE-2018-1113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1113"
    },
    {
      "name": "CVE-2013-4399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4399"
    },
    {
      "name": "CVE-2019-7636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7636"
    },
    {
      "name": "CVE-2014-3672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3672"
    },
    {
      "name": "CVE-2018-4700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4700"
    },
    {
      "name": "CVE-2017-0903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0903"
    },
    {
      "name": "CVE-2018-15856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15856"
    },
    {
      "name": "CVE-2018-1000078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078"
    },
    {
      "name": "CVE-2019-7573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7573"
    },
    {
      "name": "CVE-2018-1000077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077"
    },
    {
      "name": "CVE-2010-2237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2237"
    },
    {
      "name": "CVE-2018-1000876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000876"
    },
    {
      "name": "CVE-2018-14348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14348"
    },
    {
      "name": "CVE-2019-3890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3890"
    },
    {
      "name": "CVE-2015-7498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7498"
    },
    {
      "name": "CVE-2019-7577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7577"
    },
    {
      "name": "CVE-2016-0740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0740"
    },
    {
      "name": "CVE-2018-4180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4180"
    },
    {
      "name": "CVE-2013-4297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4297"
    },
    {
      "name": "CVE-2010-2238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2238"
    },
    {
      "name": "CVE-2018-14600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14600"
    },
    {
      "name": "CVE-2017-13090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13090"
    },
    {
      "name": "CVE-2013-7336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7336"
    },
    {
      "name": "CVE-2018-10372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10372"
    },
    {
      "name": "CVE-2019-7637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7637"
    },
    {
      "name": "CVE-2018-11806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11806"
    },
    {
      "name": "CVE-2018-7643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7643"
    },
    {
      "name": "CVE-2015-0236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0236"
    },
    {
      "name": "CVE-2018-1000117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000117"
    },
    {
      "name": "CVE-2014-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0209"
    },
    {
      "name": "CVE-2013-2230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2230"
    },
    {
      "name": "CVE-2018-1122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1122"
    },
    {
      "name": "CVE-2014-3960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3960"
    },
    {
      "name": "CVE-2019-16056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
    },
    {
      "name": "CVE-2020-12663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12663"
    },
    {
      "name": "CVE-2018-10768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10768"
    },
    {
      "name": "CVE-2017-16611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16611"
    },
    {
      "name": "CVE-2014-7823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7823"
    },
    {
      "name": "CVE-2020-10703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10703"
    },
    {
      "name": "CVE-2018-7569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7569"
    },
    {
      "name": "CVE-2013-4154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4154"
    },
    {
      "name": "CVE-2018-20060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
    },
    {
      "name": "CVE-2015-9382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9382"
    },
    {
      "name": "CVE-2017-18190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18190"
    },
    {
      "name": "CVE-2016-4009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4009"
    },
    {
      "name": "CVE-2018-13033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13033"
    },
    {
      "name": "CVE-2016-9190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9190"
    },
    {
      "name": "CVE-2019-7574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7574"
    },
    {
      "name": "CVE-2016-0772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0772"
    },
    {
      "name": "CVE-2016-5699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5699"
    },
    {
      "name": "CVE-2011-1486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1486"
    },
    {
      "name": "CVE-2020-5208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5208"
    },
    {
      "name": "CVE-2019-6778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6778"
    },
    {
      "name": "CVE-2020-10772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10772"
    },
    {
      "name": "CVE-2020-25637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25637"
    },
    {
      "name": "CVE-2018-10360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10360"
    },
    {
      "name": "CVE-2018-15859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15859"
    },
    {
      "name": "CVE-2017-13089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13089"
    },
    {
      "name": "CVE-2019-12779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12779"
    },
    {
      "name": "CVE-2019-1010238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238"
    },
    {
      "name": "CVE-2019-6690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6690"
    },
    {
      "name": "CVE-2015-8317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8317"
    },
    {
      "name": "CVE-2018-4181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4181"
    },
    {
      "name": "CVE-2019-8323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8323"
    },
    {
      "name": "CVE-2016-3616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3616"
    },
    {
      "name": "CVE-2018-14498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14498"
    },
    {
      "name": "CVE-2018-15861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15861"
    },
    {
      "name": "CVE-2019-7150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7150"
    },
    {
      "name": "CVE-2019-17042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
    },
    {
      "name": "CVE-2016-5008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5008"
    },
    {
      "name": "CVE-2014-4616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4616"
    }
  ],
  "initial_release_date": "2022-03-23T00:00:00",
  "last_revision_date": "2022-03-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-267",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Networks\nJunos Space. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Networks Junos Space",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11176 du 22 mars 2022",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11176\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2021-AVI-172

Vulnerability from certfr_avis - Published: 2021-03-05 - Updated: 2021-03-05

GRUB2 est le bootloader le plus couramment utilisé par les distributions Linux pour démarrer le système d'exploitation.

De multiples vulnérabilités ont été découvertes dans GRUB2. Elles permettent à un attaquant, ayant la possibilité de passer une commande à GRUB2 ou de manipuler d'autres ressources utilisées par GRUB2, de provoquer une exécution de code arbitraire. Pour y parvenir, l'attaquant doit avoir les droits administrateurs ou avoir un accès physique à un équipement afin de manipuler la séquence de démarrage (via un support amovible ou via la modification du disque de boot de la machine). Ces méthodes permettent donc de compromettre une machine même si celle-ci n'a pas Linux d'installé à l'origine.

Solution

Les mises à jour publiées par les éditeurs de distribution Linux doivent être appliquées sur les machines utilisant GRUB2.

soit en appliquant les mesures préconisées par Microsoft pour les machines installées avec un système d'exploitation Windows
soit en appliquant les mesures préconisées par l'éditeur de la distribution Linux lorsque celui propose une mise à jour de Secure Boot
soit en appliquant une mise à jour de BIOS publiée par le constructeur de l'équipement

Cette mise à jour de DBX doit donc être réalisée après avoir mis à jour GRUB2 sur les machines pour ne pas risque un blocage au moment du démarrage.

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Toute machine configurée avec Secure Boot pour sécuriser la séquence de démarrage de son système d'exploitation

References

Title

Publication Time

Tags

Bulletin de sécurité VMware du 02 mars 2021	None	vendor-advisory
Bulletin de sécurité Ubuntu du 02 mars 2021	None	vendor-advisory
Bulletin de sécurité GRUB du 02 mars 2021	None	vendor-advisory
Bulletin de sécurité Red Hat du 02 mars 2021	None	vendor-advisory
Bulletin de sécurité Microsoft du 04 mars 2021	None	vendor-advisory
Bulletin de sécurité SUSE du 02 mars 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Toute machine configur\u00e9e avec Secure Boot pour s\u00e9curiser la s\u00e9quence de d\u00e9marrage de son syst\u00e8me d\u0027exploitation",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nLes mises \u00e0 jour publi\u00e9es par les \u00e9diteurs de distribution Linux doivent\n\u00eatre appliqu\u00e9es sur les machines utilisant GRUB2.\n\nAfin de r\u00e9tablir la cha\u00eene de confiance Secure Boot, toutes les machines\nconfigur\u00e9es avec Secure Boot devront \u00eatre mises \u00e0 jour pour interdire\nl\u0027utilisation des versions GRUB2 vuln\u00e9rables. Cette \u00e9tape consiste \u00e0\nactualiser les fichiers DB et DBX qui r\u00e9f\u00e9rencent respectivement les\nbootloaders de confiance et les bootloaders r\u00e9voqu\u00e9s par Secure Boot :\n\n-   soit en appliquant les mesures pr\u00e9conis\u00e9es par Microsoft pour les\n    machines install\u00e9es avec un syst\u00e8me d\u0027exploitation Windows\n-   soit en appliquant les mesures pr\u00e9conis\u00e9es par l\u0027\u00e9diteur de la\n    distribution Linux lorsque celui propose une mise \u00e0 jour de Secure\n    Boot\n-   soit en appliquant une mise \u00e0 jour de BIOS publi\u00e9e par le\n    constructeur de l\u0027\u00e9quipement\n\nCette mise \u00e0 jour de DBX doit donc \u00eatre r\u00e9alis\u00e9e apr\u00e8s avoir mis \u00e0 jour\nGRUB2 sur les machines pour ne pas risque un blocage au moment du\nd\u00e9marrage.\n\n**Le CERT-FR recommande donc fortement de se r\u00e9f\u00e9rer aux diff\u00e9rentes\npublications des \u00e9diteurs disponibles \u00e0 ce jour (cf. r\u00e9f\u00e9rences\ndocumentaires) afin de d\u00e9terminer le plan d\u0027actions adapt\u00e9 \u00e0 chaque\nconfiguration.**\n",
  "cves": [
    {
      "name": "CVE-2021-3418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3418"
    },
    {
      "name": "CVE-2021-20225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20225"
    },
    {
      "name": "CVE-2020-27779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27779"
    },
    {
      "name": "CVE-2020-25632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25632"
    },
    {
      "name": "CVE-2021-20233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20233"
    },
    {
      "name": "CVE-2020-14372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14372"
    },
    {
      "name": "CVE-2020-15705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15705"
    },
    {
      "name": "CVE-2020-27749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27749"
    },
    {
      "name": "CVE-2020-25647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25647"
    }
  ],
  "initial_release_date": "2021-03-05T00:00:00",
  "last_revision_date": "2021-03-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-172",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-03-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "GRUB2 est le bootloader le plus couramment utilis\u00e9 par les distributions\nLinux pour d\u00e9marrer le syst\u00e8me d\u0027exploitation.\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GRUB2. Elles\npermettent \u00e0 un attaquant, ayant la possibilit\u00e9 de passer une commande \u00e0\nGRUB2 ou de manipuler d\u0027autres ressources utilis\u00e9es par GRUB2, de\nprovoquer une ex\u00e9cution de code arbitraire. Pour y parvenir, l\u0027attaquant\ndoit avoir les droits administrateurs ou avoir un acc\u00e8s physique \u00e0 un\n\u00e9quipement afin de manipuler la s\u00e9quence de d\u00e9marrage (via un support\namovible ou via la modification du disque de boot de la machine). Ces\nm\u00e9thodes permettent donc de compromettre une machine m\u00eame si celle-ci\nn\u0027a pas Linux d\u0027install\u00e9 \u00e0 l\u0027origine.\n\nEn agissant ainsi sur une machine configur\u00e9e avec Secure Boot,\nl\u0027attaquant est alors en capacit\u00e9 de rompre la cha\u00eene de confiance et de\nd\u00e9ployer du code malveillant pour compromettre la machine de fa\u00e7on\npersistante sans \u00eatre d\u00e9tect\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans GRUB",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware du 02 mars 2021",
      "url": "https://kb.vmware.com/s/article/82763"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu du 02 mars 2021",
      "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass2021"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 GRUB du 02 mars 2021",
      "url": "https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat du 02 mars 2021",
      "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-003"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 04 mars 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/ADV200011"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE du 02 mars 2021",
      "url": "https://www.suse.com/support/kb/doc/?id=000019892"
    }
  ]
}

GSD-2020-15705

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-15705

Aliases

CVE-2020-15705

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-15705",
    "description": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.",
    "id": "GSD-2020-15705",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-15705.html",
      "https://access.redhat.com/errata/RHSA-2020:3276",
      "https://access.redhat.com/errata/RHSA-2020:3275",
      "https://access.redhat.com/errata/RHSA-2020:3274",
      "https://access.redhat.com/errata/RHSA-2020:3273",
      "https://access.redhat.com/errata/RHSA-2020:3271",
      "https://access.redhat.com/errata/RHSA-2020:3227",
      "https://access.redhat.com/errata/RHSA-2020:3223",
      "https://access.redhat.com/errata/RHSA-2020:3217",
      "https://access.redhat.com/errata/RHSA-2020:3216",
      "https://ubuntu.com/security/CVE-2020-15705",
      "https://advisories.mageia.org/CVE-2020-15705.html",
      "https://linux.oracle.com/cve/CVE-2020-15705.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-15705"
      ],
      "details": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.",
      "id": "GSD-2020-15705",
      "modified": "2023-12-13T01:21:43.594208Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@ubuntu.com",
        "DATE_PUBLIC": "2020-07-29T17:00:00.000Z",
        "ID": "CVE-2020-15705",
        "STATE": "PUBLIC",
        "TITLE": "GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "grub2 in Ubuntu",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "20.04 LTS",
                          "version_value": "2.04-1ubuntu26.1"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "18.04 LTS",
                          "version_value": "2.02-2ubuntu8.16"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.04 LTS",
                          "version_value": "2.02~beta2-36ubuntu3.26"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "14.04 ESM",
                          "version_value": "2.02~beta2-9ubuntu1.20"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Ubuntu"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Mathieu Trudel-Lapierre"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-347 Improper Verification of Cryptographic Signature"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/",
            "refsource": "CONFIRM",
            "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
          },
          {
            "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass",
            "refsource": "UBUNTU",
            "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
          },
          {
            "name": "http://ubuntu.com/security/notices/USN-4432-1",
            "refsource": "UBUNTU",
            "url": "http://ubuntu.com/security/notices/USN-4432-1"
          },
          {
            "name": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
          },
          {
            "name": "https://access.redhat.com/security/vulnerabilities/grub2bootloader",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
          },
          {
            "name": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/",
            "refsource": "SUSE",
            "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
          },
          {
            "name": "https://www.suse.com/support/kb/doc/?id=000019673",
            "refsource": "SUSE",
            "url": "https://www.suse.com/support/kb/doc/?id=000019673"
          },
          {
            "name": "https://www.openwall.com/lists/oss-security/2020/07/29/3",
            "refsource": "CONFIRM",
            "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
          },
          {
            "name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html",
            "refsource": "CONFIRM",
            "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
          },
          {
            "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20200731-0008/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
          },
          {
            "name": "USN-4432-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4432-1/"
          },
          {
            "name": "openSUSE-SU-2020:1280",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
          },
          {
            "name": "openSUSE-SU-2020:1282",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
          },
          {
            "name": "[oss-security] 20210302 Multiple GRUB2 vulnerabilities",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
          },
          {
            "name": "GLSA-202104-05",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202104-05"
          },
          {
            "name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
          },
          {
            "name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
          },
          {
            "name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
          }
        ]
      },
      "source": {
        "advisory": "USN 4432-1",
        "defect": [
          "https://launchpad.net/bugs/1801968"
        ],
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.04",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "ID": "CVE-2020-15705"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-347"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.suse.com/support/kb/doc/?id=000019673",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.suse.com/support/kb/doc/?id=000019673"
            },
            {
              "name": "http://ubuntu.com/security/notices/USN-4432-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://ubuntu.com/security/notices/USN-4432-1"
            },
            {
              "name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
            },
            {
              "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
            },
            {
              "name": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
            },
            {
              "name": "https://access.redhat.com/security/vulnerabilities/grub2bootloader",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
            },
            {
              "name": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
            },
            {
              "name": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/07/29/3",
              "refsource": "CONFIRM",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
            },
            {
              "name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200731-0008/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
            },
            {
              "name": "USN-4432-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4432-1/"
            },
            {
              "name": "openSUSE-SU-2020:1280",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
            },
            {
              "name": "openSUSE-SU-2020:1282",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
            },
            {
              "name": "[oss-security] 20210302 Multiple GRUB2 vulnerabilities",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
            },
            {
              "name": "GLSA-202104-05",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202104-05"
            },
            {
              "name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
            },
            {
              "name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
            },
            {
              "name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 0.5,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-04-18T15:22Z",
      "publishedDate": "2020-07-29T18:15Z"
    }
  }
}

GHSA-W739-FJV8-98PQ

Vulnerability from github – Published: 2022-05-24 17:24 – Updated: 2022-05-24 17:24

Details

Severity ?

6.4 (Medium)


                  
                    CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-15705"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-29T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.",
  "id": "GHSA-w739-fjv8-98pq",
  "modified": "2022-05-24T17:24:37Z",
  "published": "2022-05-24T17:24:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15705"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202104-05"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200731-0008"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4432-1"
    },
    {
      "type": "WEB",
      "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
    },
    {
      "type": "WEB",
      "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
    },
    {
      "type": "WEB",
      "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue"
    },
    {
      "type": "WEB",
      "url": "https://www.suse.com/support/kb/doc/?id=000019673"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
    },
    {
      "type": "WEB",
      "url": "http://ubuntu.com/security/notices/USN-4432-1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2020-15705

Vulnerability from fkie_nvd - Published: 2020-07-29 18:15 - Updated: 2024-11-21 05:06

Severity ?

6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@ubuntu.com	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html	Mailing List, Third Party Advisory
security@ubuntu.com	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html	Mailing List, Third Party Advisory
security@ubuntu.com	http://ubuntu.com/security/notices/USN-4432-1	Third Party Advisory
security@ubuntu.com	http://www.openwall.com/lists/oss-security/2020/07/29/3	Mailing List, Third Party Advisory
security@ubuntu.com	http://www.openwall.com/lists/oss-security/2021/03/02/3	Mailing List, Third Party Advisory
security@ubuntu.com	http://www.openwall.com/lists/oss-security/2021/09/17/2	Mailing List, Third Party Advisory
security@ubuntu.com	http://www.openwall.com/lists/oss-security/2021/09/17/4	Mailing List, Third Party Advisory
security@ubuntu.com	http://www.openwall.com/lists/oss-security/2021/09/21/1	Mailing List, Third Party Advisory
security@ubuntu.com	https://access.redhat.com/security/vulnerabilities/grub2bootloader	Third Party Advisory
security@ubuntu.com	https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html	Issue Tracking, Vendor Advisory
security@ubuntu.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011	Patch, Third Party Advisory, Vendor Advisory
security@ubuntu.com	https://security.gentoo.org/glsa/202104-05	Third Party Advisory
security@ubuntu.com	https://security.netapp.com/advisory/ntap-20200731-0008/	Third Party Advisory
security@ubuntu.com	https://usn.ubuntu.com/4432-1/	Third Party Advisory
security@ubuntu.com	https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass	Third Party Advisory
security@ubuntu.com	https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot	Third Party Advisory
security@ubuntu.com	https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/	Third Party Advisory
security@ubuntu.com	https://www.openwall.com/lists/oss-security/2020/07/29/3	Mailing List, Third Party Advisory
security@ubuntu.com	https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/	Third Party Advisory
security@ubuntu.com	https://www.suse.com/support/kb/doc/?id=000019673	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://ubuntu.com/security/notices/USN-4432-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2020/07/29/3	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/03/02/3	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/09/17/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/09/17/4	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/09/21/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/security/vulnerabilities/grub2bootloader	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011	Patch, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202104-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200731-0008/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4432-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.openwall.com/lists/oss-security/2020/07/29/3	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.suse.com/support/kb/doc/?id=000019673	Third Party Advisory

Impacted products

Vendor	Product	Version
gnu	grub2	*
redhat	enterprise_linux_atomic_host	-
redhat	openshift_container_platform	4.0
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	20.04
debian	debian_linux	10.0
opensuse	leap	15.1
opensuse	leap	15.2
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
suse	suse_linux_enterprise_server	11
suse	suse_linux_enterprise_server	12
suse	suse_linux_enterprise_server	15
microsoft	windows_10	-
microsoft	windows_10	1607
microsoft	windows_10	1709
microsoft	windows_10	1803
microsoft	windows_10	1809
microsoft	windows_10	1903
microsoft	windows_10	1909
microsoft	windows_10	2004
microsoft	windows_8.1	-
microsoft	windows_rt_8.1	-
microsoft	windows_server_2012	-
microsoft	windows_server_2012	r2
microsoft	windows_server_2016	-
microsoft	windows_server_2016	1903
microsoft	windows_server_2016	1909
microsoft	windows_server_2016	2004
microsoft	windows_server_2019	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC3627EF-FE69-44D7-96D5-E40FF30ED38B",
              "versionEndIncluding": "2.04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF483911-003B-470B-A12B-85EF34A50469",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "93AD897C-C9F7-4B4D-BC39-5E13920383D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:15:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF73A3D9-6566-4CBF-AA5F-5A4B99719A1D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions."
    },
    {
      "lang": "es",
      "value": "GRUB2 presenta un fallo al comprobar la firma del kernel cuando se inicia directamente sin cu\u00f1a, permitiendo que el arranque seguro sea omitido. Esto solo afecta a los sistemas en los que el certificado de firma del kernel ha sido importado directamente a la base de datos de arranque seguro y la imagen de GRUB es iniciada directamente sin el uso de cu\u00f1a. Este problema afecta a GRUB2 versiones 2.04 y versiones anteriores"
    }
  ],
  "id": "CVE-2020-15705",
  "lastModified": "2024-11-21T05:06:03.570",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.9,
        "source": "security@ubuntu.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-29T18:15:14.187",
  "references": [
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://ubuntu.com/security/notices/USN-4432-1"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202104-05"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4432-1/"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.suse.com/support/kb/doc/?id=000019673"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://ubuntu.com/security/notices/USN-4432-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202104-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4432-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.suse.com/support/kb/doc/?id=000019673"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "security@ubuntu.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2021-16938

Vulnerability from cnvd - Published: 2021-03-11

Title

grub2数据伪造问题漏洞

Description

grub2是GNU计划的一款Linux系统引导程序。 GRUB2 2.04及之前版本中存在数据伪造问题漏洞。该漏洞源于当无shim直接启动时，程序未验证内核签名。攻击者可利用该漏洞绕过安全启动。

Severity

中

Patch Name

grub2数据伪造问题漏洞的补丁

Patch Description

grub2是GNU计划的一款Linux系统引导程序。 GRUB2 2.04及之前版本中存在数据伪造问题漏洞。该漏洞源于当无shim直接启动时，程序未验证内核签名。攻击者可利用该漏洞绕过安全启动。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html

Reference

http://www.openwall.com/lists/oss-security/2020/07/29/3

Impacted products

Name
GNU GRUB2 <=2.04

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-15705",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-15705"
    }
  },
  "description": "grub2\u662fGNU\u8ba1\u5212\u7684\u4e00\u6b3eLinux\u7cfb\u7edf\u5f15\u5bfc\u7a0b\u5e8f\u3002\n\nGRUB2 2.04\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u6570\u636e\u4f2a\u9020\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5f53\u65e0shim\u76f4\u63a5\u542f\u52a8\u65f6\uff0c\u7a0b\u5e8f\u672a\u9a8c\u8bc1\u5185\u6838\u7b7e\u540d\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u542f\u52a8\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-16938",
  "openTime": "2021-03-11",
  "patchDescription": "grub2\u662fGNU\u8ba1\u5212\u7684\u4e00\u6b3eLinux\u7cfb\u7edf\u5f15\u5bfc\u7a0b\u5e8f\u3002\r\n\r\nGRUB2 2.04\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u6570\u636e\u4f2a\u9020\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5f53\u65e0shim\u76f4\u63a5\u542f\u52a8\u65f6\uff0c\u7a0b\u5e8f\u672a\u9a8c\u8bc1\u5185\u6838\u7b7e\u540d\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u542f\u52a8\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "grub2\u6570\u636e\u4f2a\u9020\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "GNU GRUB2 \u003c=2.04"
  },
  "referenceLink": "http://www.openwall.com/lists/oss-security/2020/07/29/3",
  "serverity": "\u4e2d",
  "submitTime": "2020-07-31",
  "title": "grub2\u6570\u636e\u4f2a\u9020\u95ee\u9898\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-15705 (GCVE-0-2020-15705)

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature