CVE-2020-25860

Medium CVSS 6.6

Overview

The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device.

CWE: CWE-367 Published: 2020-12-21T18:15:15.227

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.6 (MEDIUM)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags