Details of VAR-202009-0213

ID

VAR-202009-0213

CVE

CVE-2020-12787

TITLE

Microchip Atmel ATSAMA5 Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-011345

DESCRIPTION

Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. Microchip Atmel ATSAMA5 The product contains unspecified vulnerabilities.Information may be tampered with

Trust: 1.71

sources: NVD: CVE-2020-12787 // JVNDB: JVNDB-2020-011345 // VULMON: CVE-2020-12787

AFFECTED PRODUCTS

vendor:	microchip	model:	atsama5d27c-d1g-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d42a-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d26c-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d27c-ld2g-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d43b-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d24c-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d28c-ld2g-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d24c-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d28c-cnr	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d42b-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d23c-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d35a-cnr	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d42a-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d27-som1	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d41b-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d33a-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d225c-d1m-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d34a-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d22c-cn	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d28c-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d35a-cn	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d41a-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d41a-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d43a-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d43a-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d36a-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d35a-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d27c-d5m-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d27c-cnrvao	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d31a-cfu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d27c-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d42b-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d26c-cn	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d22c-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d28c-ld2g-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d31a-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d31a-cfur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d33a-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d27c-cn	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d28c-cn	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d41b-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d28c-ld1g-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d27-wlsom1	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d27c-cnr	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d34a-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d21c-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d31a-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d44a-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d27c-ld1g-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d24c-cuf	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d26c-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d22c-cnr	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d27c-ld2g-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d35a-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d44b-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d27c-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d27c-ld1g-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d23c-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d27c-d5m-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d23c-cn	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d43b-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d36a-cn	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d22c-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d28c-d1g-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d36a-cnr	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d44b-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d26c-cnr	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d28c-ld1g-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d44a-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d28c-d1g-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d21c-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d23c-cnr	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d27c-d1g-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d27c-cnvao	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d36a-cu	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d28c-cur	scope:	eq	version:	-	Trust: 1.0
vendor:	microchip	model:	atsama5d21c-cur	scope:	-	version:	-	Trust: 0.8
vendor:	microchip	model:	atsama5d21c-cu	scope:	-	version:	-	Trust: 0.8
vendor:	microchip	model:	atsama5d22c-cnr	scope:	-	version:	-	Trust: 0.8
vendor:	microchip	model:	atsama5d22c-cn	scope:	-	version:	-	Trust: 0.8
vendor:	microchip	model:	atsama5d22c-cur	scope:	-	version:	-	Trust: 0.8
vendor:	microchip	model:	atsama5d22c-cu	scope:	-	version:	-	Trust: 0.8
vendor:	microchip	model:	atsama5d23c-cnr	scope:	-	version:	-	Trust: 0.8
vendor:	microchip	model:	atsama5d23c-cn	scope:	-	version:	-	Trust: 0.8
vendor:	microchip	model:	atsama5d23c-cur	scope:	-	version:	-	Trust: 0.8
vendor:	microchip	model:	atsama5d23c-cu	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-011345 // NVD: CVE-2020-12787

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12787
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-12787
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202009-880
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-12787
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12787
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2020-12787
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12787
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-12787 // JVNDB: JVNDB-2020-011345 // CNNVD: CNNVD-202009-880 // NVD: CVE-2020-12787

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-011345 // NVD: CVE-2020-12787

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-880

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202009-880

PATCH

title:	Top Page	url:	https://www.microchip.com/	Trust: 0.8
title:	Microchip Atmel ATSAMA5 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128571	Trust: 0.6
title:	SAMA5D-unlocker	url:	https://github.com/Philippe-Gandolfo/SAMA5D-unlocker	Trust: 0.1
title:	advisories	url:	https://github.com/f-secure-foundry/advisories	Trust: 0.1
title:	advisories	url:	https://github.com/inversepath/advisories	Trust: 0.1

sources: VULMON: CVE-2020-12787 // JVNDB: JVNDB-2020-011345 // CNNVD: CNNVD-202009-880

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12787	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-011345	Trust: 0.8
db:	CNNVD	id:	CNNVD-202009-880	Trust: 0.6
db:	VULMON	id:	CVE-2020-12787	Trust: 0.1

sources: VULMON: CVE-2020-12787 // JVNDB: JVNDB-2020-011345 // CNNVD: CNNVD-202009-880 // NVD: CVE-2020-12787

REFERENCES

url:	https://labs.f-secure.com/advisories/microchip-atsama5-soc-multiple-vulnerabilities/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12787	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://github.com/philippe-gandolfo/sama5d-unlocker	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2020-12787 // JVNDB: JVNDB-2020-011345 // CNNVD: CNNVD-202009-880 // NVD: CVE-2020-12787

SOURCES

db:	VULMON	id:	CVE-2020-12787
db:	JVNDB	id:	JVNDB-2020-011345
db:	CNNVD	id:	CNNVD-202009-880
db:	NVD	id:	CVE-2020-12787

LAST UPDATE DATE

2024-11-23T22:40:57.886000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-12787	date:	2020-09-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-011345	date:	2021-03-29T08:51:00
db:	CNNVD	id:	CNNVD-202009-880	date:	2020-09-21T00:00:00
db:	NVD	id:	CVE-2020-12787	date:	2024-11-21T05:00:17.710

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-12787	date:	2020-09-14T00:00:00
db:	JVNDB	id:	JVNDB-2020-011345	date:	2021-03-29T00:00:00
db:	CNNVD	id:	CNNVD-202009-880	date:	2020-09-14T00:00:00
db:	NVD	id:	CVE-2020-12787	date:	2020-09-14T14:15:10.743