Vulnerability Information
Vulnerability Title
UpdateHub Module Explicitly Disables TLS Verification
Vulnerability Description
The UpdateHub module disables DTLS peer checking, which allows for a man-in-the-middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018. This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Vulnerability Type
Improper Certificate Validation
Vulnerability Title
Zephyr Trust Management Issue Vulnerability
Vulnerability Description
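Zephyr is an open-source, small, scalable real-time operating system from the Linux Foundation (USA). The UpdateHub module in Zephyr 2.1.0 and later versions (fixed in version 2.2.0) has a trust management issue vulnerability, which stems from the program disabling DTLS peer checking. An attacker can exploit this vulnerability to carry out a man-in-the-middle attack.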
CVSS Information
N/A
Vulnerability Type
N/A