Home > Vulnerability Database > CVE-2020-10713

Mend.io Vulnerability Database

CVE-2020-10713

Good to know:

Date: July 30, 2020

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Language: C

Severity Score

8.2

Related Resources (19)

Url: http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html

Url: https://security-tracker.debian.org/tracker/CVE-2020-10713

Url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY

Url: https://security.gentoo.org/glsa/202104-05

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1825243

Url: https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713

Url: https://www.kb.cert.org/vuls/id/174059

Url: https://security.netapp.com/advisory/ntap-20200731-0008/

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-10713

Url: https://usn.ubuntu.com/4432-1/

Url: https://security.alpinelinux.org/vuln/CVE-2020-10713

Url: http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html

Url: https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/

Url: https://www.debian.org/security/2020/dsa-4735

Url: http://www.openwall.com/lists/oss-security/2020/07/29/3

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2020-10713

Url: https://access.redhat.com/security/cve/CVE-2020-10713

Url: https://kb.vmware.com/s/article/80181

Url: https://www.mend.io/vulnerability-database/CVE-2020-10713

Severity Score

8.2

Weakness Type (CWE)

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-120

Top Fix

Upgrade Version

Upgrade to version grub 2.06

Learn More

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	4.6
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-10713

Good to know:

Date: July 30, 2020

Language: C

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?