vulnerability
SUSE: CVE-2020-27208: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:P/I:P/A:P) | May 21, 2021 | Jul 13, 2021 | Jul 13, 2021 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
May 21, 2021
Added
Jul 13, 2021
Modified
Jul 13, 2021
Description
The flash read-out protection (RDP) level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface.
Solution
suse-upgrade-solo-udev
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.