CVE-2020-10282

The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism on its version 1.0 (nor authorization) whichs leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package signing which mitigates this flaw. Another source mentions that MAVLink 2.0 only provides a simple authentication system based on HMAC. This implies that the flying system overall should add the same symmetric key into all devices of network. If not the case, this may cause a security issue, that if one of the devices and its symmetric key are compromised, the whole authentication system is not reliable.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/rligocki/Diploma_thesis_px4	Third Party Advisory
https://github.com/rligocki/Diploma_thesis_px4	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dronecode:micro_air_vehicle_link:1.0.0:*:*:*:*:*:*:*

History

21 Nov 2024, 04:55

Type	Values Removed	Values Added
References	~~() https://github.com/rligocki/Diploma_thesis_px4 - Third Party Advisory~~	() https://github.com/rligocki/Diploma_thesis_px4 - Third Party Advisory

Information

Published : 2020-07-03 15:15

Updated : 2024-11-21 04:55

NVD link : CVE-2020-10282

Mitre link : CVE-2020-10282

CVE.ORG link : CVE-2020-10282

JSON object : View

Products Affected

dronecode

micro_air_vehicle_link

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2020-10282", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "cve@aliasrobotics.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-07-03T15:15:09.870", "references": [{"url": "https://github.com/rligocki/Diploma_thesis_px4", "tags": ["Third Party Advisory"], "source": "cve@aliasrobotics.com"}, {"url": "https://github.com/rligocki/Diploma_thesis_px4", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cve@aliasrobotics.com", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism on its version 1.0 (nor authorization) whichs leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package signing which mitigates this flaw. Another source mentions that MAVLink 2.0 only provides a simple authentication system based on HMAC. This implies that the flying system overall should add the same symmetric key into all devices of network. If not the case, this may cause a security issue, that if one of the devices and its symmetric key are compromised, the whole authentication system is not reliable."}, {"lang": "es", "value": "El protocolo Micro Air Vehicle Link (MAVLink) no presenta ning\u00fan mecanismo de autenticaci\u00f3n en su versi\u00f3n 1.0 (ni autorizaci\u00f3n), lo que conlleva a una variedad de ataques que incluyen suplantaci\u00f3n de identidad, acceso no autorizado, ataques PITM y m\u00e1s. De acuerdo a la literatura, la versi\u00f3n 2.0 opcionalmente permite la firma de paquetes que mitiga este fallo. Otra fuente menciona que MAVLink versi\u00f3n 2.0 solo proporciona un sistema de autenticaci\u00f3n simple basado en HMAC. Esto implica que el sistema de vuelo en general deber\u00eda agregar la misma clave sim\u00e9trica en todos los dispositivos de la red. Si no es el caso, esto puede causar un problema de seguridad, que si uno de los dispositivos y su clave sim\u00e9trica est\u00e1n comprometidos, todo el sistema de autenticaci\u00f3n no es confiable"}], "lastModified": "2024-11-21T04:55:08.047", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dronecode:micro_air_vehicle_link:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F56CC677-E829-48A5-B01B-9B33F13C084B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@aliasrobotics.com"}