PT-2023-11767 · Swtpm · Swtpm

Marcus Meissner · Published 2022-07-08 · Updated 2024-06-15 · CVE-2020-28407

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

swtpm versions 0.4.1 and earlier
swtpm versions 0.5.x before 0.5.1

Description

A local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall. This issue allows an attacker to potentially gain unauthorized access to sensitive data.

Recommendations

For swtpm versions 0.4.1 and earlier, update to version 0.4.2 or later. For swtpm versions 0.5.x before 0.5.1, update to version 0.5.1 or later. As a temporary workaround, consider restricting access to temporary files to minimize the risk of exploitation.

Fix

Link Following

Weakness Enumeration

Related Identifiers

CVE-2020-28407
OESA-2022-1741
OPENSUSE-SU-2024:11416-1

Affected Products

Swtpm