ID

VAR-202007-0165


CVE

CVE-2020-10282


TITLE

Micro Air Vehicle Link protocol vulnerability: lack of authentication for critical features

Trust: 0.8

sources: JVNDB: JVNDB-2020-007648

DESCRIPTION

The Micro Air Vehicle Link (MAVLink) protocol provides no authentication (or authorization) mechanism in version 1.0, which leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package signing, which mitigates this flaw. Another source mentions that MAVLink 2.0 only provides a simple authentication system based on HMAC. This implies that the flying system overall should add the same symmetric key to all devices on the network. This may cause a security issue: if one of the devices and its symmetric key are compromised, the whole authentication system is no longer reliable. (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-10282 // JVNDB: JVNDB-2020-007648

IOT TAXONOMY

category: ['vehicle device'], sub_category: drone

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: dronecode, model: micro air vehicle link, scope: eq, version: 1.0.0

Trust: 1.0

vendor: dronecode, model: micro air vehicle link protocol, scope: eq, version: 1.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-007648 // NVD: CVE-2020-10282

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10282
value: CRITICAL

Trust: 1.0

cve@aliasrobotics.com: CVE-2020-10282
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-007648
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202007-224
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-10282
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007648
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-10282
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@aliasrobotics.com: CVE-2020-10282
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-007648
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-007648 // CNNVD: CNNVD-202007-224 // NVD: CVE-2020-10282 // NVD: CVE-2020-10282

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.8

sources: JVNDB: JVNDB-2020-007648 // NVD: CVE-2020-10282

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-224

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202007-224

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007648

PATCH

title: rligocki/Diploma_thesis_px4, url: https://github.com/rligocki/Diploma_thesis_px4

Trust: 0.8

sources: JVNDB: JVNDB-2020-007648

EXTERNAL IDS

db: NVD, id: CVE-2020-10282

Trust: 2.5

db: JVNDB, id: JVNDB-2020-007648

Trust: 0.8

db: CNNVD, id: CNNVD-202007-224

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2020-007648 // CNNVD: CNNVD-202007-224 // NVD: CVE-2020-10282

REFERENCES

url: https://github.com/rligocki/diploma_thesis_px4

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2020-10282

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10282

Trust: 0.8

url: https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2020-007648 // CNNVD: CNNVD-202007-224 // NVD: CVE-2020-10282

SOURCES

db: OTHER, id: -
db: JVNDB, id: JVNDB-2020-007648
db: CNNVD, id: CNNVD-202007-224
db: NVD, id: CVE-2020-10282

LAST UPDATE DATE

2025-01-30T20:34:47.652000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-007648, date: 2020-08-19T00:00:00
db: CNNVD, id: CNNVD-202007-224, date: 2020-07-14T00:00:00
db: NVD, id: CVE-2020-10282, date: 2024-11-21T04:55:08.047

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-007648, date: 2020-08-19T00:00:00
db: CNNVD, id: CNNVD-202007-224, date: 2020-07-03T00:00:00
db: NVD, id: CVE-2020-10282, date: 2020-07-03T15:15:09.870