CVE-2020-13799 — Authentication Bypass by Capture-replay in Inand CL Em132 Firmware

CWE-294 — Authentication Bypass by Capture-replay4 documents2 sources

Severity

9.8CRITICALNVD

NVD6.8

EPSS

0.1%

top 82.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linaro Op-tee Westerndigital Inand CL Em132 Firmware Westerndigital Inand IX Em132 Firmware +2 more

Timeline

PublishedNov 18

Latest updateMay 24

Description

Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the…

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages5 packages

▶NVDwesterndigital/inand_cl_em132_firmware2020-06-03

▶NVDwesterndigital/inand_ix_em132_firmware2020-06-03

▶NVDwesterndigital/inand_ix_em132_xi_firmware2020-06-03

▶NVDlinaro/op-tee3.11.0

▶NVDgoogle/android4 versions+3

🔴Vulnerability Details

GHSA

GHSA-w82c-75f7-qr29: Western Digital iNAND devices through 2020-06-03 allow Authentication Bypass via a capture-replay attack↗2022-05-24

▶

GHSA

GHSA-gv37-4vjv-96xm: An issue was discovered on Samsung mobile devices with O(8↗2022-05-24

▶