CVE-2020-26200

A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed to bypass the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component.

CVSS v3 6.8 MEDIUM
CVSS v2.0 4.6 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#170221	Broken Link
https://github.com/CVEProject/cvelist/blob/master/2020/26xxx/CVE-2020-26200.json	Third Party Advisory
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#170221	Broken Link

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:kaspersky:endpoint_security:10:sp2_mr2::::::
	cpe:2.3:a:kaspersky:endpoint_security:10:sp2_mr3::::::
	cpe:2.3:a:kaspersky:endpoint_security:11.0.0:::::::*
	cpe:2.3:a:kaspersky:endpoint_security:11.0.1:::::::*
	cpe:2.3:a:kaspersky:endpoint_security:11.1.0:::::::*
	cpe:2.3:a:kaspersky:rescue_disk::::::::

History

21 Nov 2024, 05:19

Type	Values Removed	Values Added
References	~~() https://support.kaspersky.com/general/vulnerability.aspx?el=12430#170221 - Broken Link~~	() https://support.kaspersky.com/general/vulnerability.aspx?el=12430#170221 - Broken Link

Information

Published : 2021-02-26 14:15

Updated : 2024-11-21 05:19

NVD link : CVE-2020-26200

Mitre link : CVE-2020-26200

CVE.ORG link : CVE-2020-26200

JSON object : View

Products Affected

kaspersky

endpoint_security
rescue_disk

CWE

CWE-287

Improper Authentication

{"id": "CVE-2020-26200", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2021-02-26T14:15:12.037", "references": [{"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#170221", "tags": ["Broken Link"], "source": "vulnerability@kaspersky.com"}, {"url": "https://github.com/CVEProject/cvelist/blob/master/2020/26xxx/CVE-2020-26200.json", "tags": ["Third Party Advisory"], "source": "nvd@nist.gov"}, {"url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#170221", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed to bypass the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component."}, {"lang": "es", "value": "Un componente del cargador de arranque personalizado de Kaspersky permiti\u00f3 la carga de m\u00f3dulos UEFI no confiables debido a una comprobaci\u00f3n insuficiente de su autenticidad. Este componente est\u00e1 incorporado en Kaspersky Rescue Disk (KRD) y fue confiable mediante el Agente de Autenticaci\u00f3n de Full Disk Encryption en Kaspersky Endpoint Security (KES). Este problema permiti\u00f3 omitir la caracter\u00edstica de seguridad UEFI Secure Boot. Un atacante necesitar\u00eda acceso f\u00edsico a la computadora para explotarla. De lo contrario, se necesitar\u00edan privilegios de administrador local para modificar el componente del cargador de arranque"}], "lastModified": "2024-11-21T05:19:30.930", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kaspersky:endpoint_security:10:sp2_mr2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8F4B967-14F4-4D86-BBD3-9EC1FB5EA19D"}, {"criteria": "cpe:2.3:a:kaspersky:endpoint_security:10:sp2_mr3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B709977-183E-447C-9ABF-09C3FA952923"}, {"criteria": "cpe:2.3:a:kaspersky:endpoint_security:11.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E845C95-F057-4E8F-8792-47B4AB79C45A"}, {"criteria": "cpe:2.3:a:kaspersky:endpoint_security:11.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA831F0C-84E9-4421-9BED-764C79E4B1BB"}, {"criteria": "cpe:2.3:a:kaspersky:endpoint_security:11.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E8FE1D5-5EB7-453A-8115-6A13B9EF01E6"}, {"criteria": "cpe:2.3:a:kaspersky:rescue_disk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "833A59BB-3403-4BFC-9161-0D0903C16F12", "versionEndExcluding": "18.0.11.3"}], "operator": "OR"}]}], "sourceIdentifier": "vulnerability@kaspersky.com"}