CVE-2020-10283

{"id": "CVE-2020-10283", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "cve@aliasrobotics.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-08-20T09:15:11.140", "references": [{"url": "https://github.com/aliasrobotics/RVD/issues/3316", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@aliasrobotics.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "cve@aliasrobotics.com", "description": [{"lang": "en", "value": "CWE-288"}]}], "descriptions": [{"lang": "en", "value": "The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopilot negotiate the version via the AUTOPILOT_VERSION message. Since this negotiation depends on the answer, an attacker may craft packages in a way that hints the autopilot to adopt version 1.0 of MAVLink for the communication. Given the lack of authentication capabilities in such version of MAVLink (refer to CVE-2020-10282), attackers may use this method to bypass authentication capabilities and interact with the autopilot directly."}, {"lang": "es", "value": "El protocolo Micro Air Vehicle Link (MAVLink) presenta mecanismos de autenticaci\u00f3n en su versi\u00f3n 2.0, sin embargo, de acuerdo con su documentaci\u00f3n, para mantener la compatibilidad con versiones anteriores, GCS y autopilot negocian la versi\u00f3n por medio del mensaje AUTOPILOT_VERSION. Dado que esta negociaci\u00f3n depende de la respuesta, un atacante puede dise\u00f1ar paquetes de una manera que sugiera al autopilot que adopte la versi\u00f3n 1.0 de MAVLink para la comunicaci\u00f3n. Dada la falta de capacidades de autenticaci\u00f3n en dicha versi\u00f3n de MAVLink (refierase a CVE-2020-10282), los atacantes pueden usar este m\u00e9todo para omitir las capacidades de autenticaci\u00f3n e interactuar con el piloto autom\u00e1tico directamente."}], "lastModified": "2022-10-28T19:00:31.517", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dronecode:micro_air_vehicle_link:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F56CC677-E829-48A5-B01B-9B33F13C084B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@aliasrobotics.com"}