CVE-2020-15224

In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability.

CVSS v3 6.8 MEDIUM
CVSS v2.0 2.7 LOW

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 4.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

2.7^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 5.1 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120	Release Notes Third Party Advisory
https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b	Patch Third Party Advisory
https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:openenclave:openenclave:*:*:*:*:*:*:*:*

History

18 Nov 2021, 17:00

Type	Values Removed	Values Added
CWE	~~CWE-552~~	NVD-CWE-Other

Information

Published : 2020-10-14 19:15

Updated : 2024-02-04 21:23

NVD link : CVE-2020-15224

Mitre link : CVE-2020-15224

CVE.ORG link : CVE-2020-15224

JSON object : View

Products Affected

openenclave

openenclave

CWE

NVD-CWE-Other CWE-552

Files or Directories Accessible to External Parties

{"id": "CVE-2020-15224", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.7, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.3}]}, "published": "2020-10-14T19:15:13.633", "references": [{"url": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-552"}]}], "descriptions": [{"lang": "en", "value": "In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability."}, {"lang": "es", "value": "En Open Enclave versiones anteriores a 0.12.0, se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando una aplicaci\u00f3n enclave que usa las llamadas al sistema proporcionadas por el archivo sockets.edl es cargada por una aplicaci\u00f3n de host maliciosa. Un atacante que explote con \u00e9xito la vulnerabilidad podr\u00eda leer datos privilegiados de la pila de enclave a trav\u00e9s de l\u00edmites confiables. Para explotar esta vulnerabilidad, un atacante tendr\u00eda que iniciar sesi\u00f3n en un sistema afectado y ejecutar una aplicaci\u00f3n especialmente dise\u00f1ada. La vulnerabilidad no permitir\u00eda a un atacante elevar los derechos de usuarios directamente, pero podr\u00eda ser usada para obtener informaci\u00f3n que de otro modo se considerar\u00eda confidencial en un enclave, que podr\u00eda usarse en compromisos adicionales. El problema ha sido abordado en la versi\u00f3n 0.12.0 y en la rama maestra actual. Los usuarios deber\u00e1n volver a compilar sus aplicaciones con las bibliotecas parcheadas para estar protegidos de esta vulnerabilidad"}], "lastModified": "2021-11-18T17:00:11.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openenclave:openenclave:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99DFEB28-6E1E-4073-9AFF-F09D44D22F7E", "versionEndExcluding": "0.12.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}