Sign-up

ID

VAR-202008-0127


CVE

CVE-2020-13465


TITLE

Gigadevice GD32F103 Input verification vulnerabilities on devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-010346

DESCRIPTION

The security protection in Gigadevice GD32F103 devices allows physical attackers to redirect the control flow and execute arbitrary code via the debug interface. Gigadevice GD32F103 The device contains an input verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Gigadevice GD32F103 is a Gigadevice microcontroller device. Gigadevice GD32F103 security protection has a code execution vulnerability

Trust: 2.16

sources: NVD: CVE-2020-13465 // JVNDB: JVNDB-2020-010346 // CNVD: CNVD-2020-52332

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-52332

AFFECTED PRODUCTS

vendor:gigadevicemodel:gd32f103scope: - version: -

Trust: 1.4

vendor:gigadevicemodel:gd32f103scope:eqversion: -

Trust: 1.0

sources: CNVD: CNVD-2020-52332 // JVNDB: JVNDB-2020-010346 // NVD: CVE-2020-13465

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-13465
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-010346
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-52332
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202008-1452
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-13465
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-010346
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-52332
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-13465
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-010346
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-52332 // JVNDB: JVNDB-2020-010346 // CNNVD: CNNVD-202008-1452 // NVD: CVE-2020-13465

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2020-010346 // NVD: CVE-2020-13465

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202008-1452

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-010346

PATCH
title:Top Pageurl:https://www.gigadevice.com/
Trust: 0.8
title:Patch for Gigadevice GD32F103 code execution vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/234235
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-52332 // 
            
            
            
            JVNDB: JVNDB-2020-010346

EXTERNAL IDS
db:NVDid:CVE-2020-13465
Trust: 3.0
db:JVNDBid:JVNDB-2020-010346
Trust: 0.8
db:CNVDid:CNVD-2020-52332
Trust: 0.6
db:CNNVDid:CNNVD-202008-1452
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-52332 // 
            
            
            
            JVNDB: JVNDB-2020-010346 // 
            
            
            
            CNNVD: CNNVD-202008-1452 // 
            
            
            
            NVD: CVE-2020-13465

REFERENCES
url:https://www.usenix.org/system/files/woot20-paper-obermaier.pdf
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2020-13465
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13465
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-52332 // 
            
            
            
            JVNDB: JVNDB-2020-010346 // 
            
            
            
            CNNVD: CNNVD-202008-1452 // 
            
            
            
            NVD: CVE-2020-13465

SOURCES
db:CNVDid:CNVD-2020-52332
db:JVNDBid:JVNDB-2020-010346
db:CNNVDid:CNNVD-202008-1452
db:NVDid:CVE-2020-13465

LAST UPDATE DATE
2024-11-23T22:51:18.587000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-52332date:2020-09-16T00:00:00
db:JVNDBid:JVNDB-2020-010346date:2021-01-07T07:54:49
db:CNNVDid:CNNVD-202008-1452date:2021-11-16T00:00:00
db:NVDid:CVE-2020-13465date:2024-11-21T05:01:19.500

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-52332date:2020-09-16T00:00:00
db:JVNDBid:JVNDB-2020-010346date:2021-01-07T07:54:49
db:CNNVDid:CNNVD-202008-1452date:2020-08-31T00:00:00
db:NVDid:CVE-2020-13465date:2020-08-31T16:15:14.333