CVE-2020-26933 - Vulnerability Details - OpenCVE

Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Trustedcomputinggroup	Trusted Platform Module

Configuration 1 [-]

OR	cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.38::::::
	cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.40::::::
	cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.59::::::

No data.

References

Link	Providers
https://trustedcomputinggroup.org/about/security/
https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT004-Advisory-FINAL.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-11-18T16:50:32

Updated: 2024-08-04T16:03:23.184Z

Reserved: 2020-10-10T00:00:00

Link: CVE-2020-26933

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-11-18T17:15:11.680

Modified: 2024-11-21T05:20:31.877

Link: CVE-2020-26933

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-11-10T00:00:00", "descriptions": [{"lang": "en", "value": "Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:H/AV:L/A:N/C:H/I:H/PR:H/S:C/UI:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-18T16:50:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://trustedcomputinggroup.org/about/security/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT004-Advisory-FINAL.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26933", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:H/AV:L/A:N/C:H/I:H/PR:H/S:C/UI:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://trustedcomputinggroup.org/about/security/", "refsource": "MISC", "url": "https://trustedcomputinggroup.org/about/security/"}, {"name": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT004-Advisory-FINAL.pdf", "refsource": "CONFIRM", "url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT004-Advisory-FINAL.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:03:23.184Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://trustedcomputinggroup.org/about/security/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT004-Advisory-FINAL.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26933", "datePublished": "2020-11-18T16:50:32", "dateReserved": "2020-10-10T00:00:00", "dateUpdated": "2024-08-04T16:03:23.184Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.38:*:*:*:*:*:*", "matchCriteriaId": "6F43ED59-0C7E-4BBB-8931-4033AEC36269", "vulnerable": true}, {"criteria": "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.40:*:*:*:*:*:*", "matchCriteriaId": "BC9AD1C2-5D7E-47FC-9B79-E57FE917FD0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.59:*:*:*:*:*:*", "matchCriteriaId": "2FC8BA48-73AA-483B-9276-A0605B15F22F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack."}, {"lang": "es", "value": "Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions versiones 1.38 hasta 1.59, presenta un Control de Acceso Inapropiado durante un apagado no ordenado de TPM que usa USE_DA_USED. Una inicializaci\u00f3n inapropiada de este apagado puede resultar en una susceptibilidad a un ataque de tipo dictionary"}], "id": "CVE-2020-26933", "lastModified": "2024-11-21T05:20:31.877", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.8, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-18T17:15:11.680", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://trustedcomputinggroup.org/about/security/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT004-Advisory-FINAL.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://trustedcomputinggroup.org/about/security/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT004-Advisory-FINAL.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}], "source": "nvd@nist.gov", "type": "Primary"}]}