How severe is CVE-2020-13799?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2020-13799?

This is classified as CWE-294, which is a common weakness in software security.

CVE-2020-13799 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the knowledge of the trusted component that uses the RPMB feature.

Related Vulnerabilities

CVE-2020-12355

MEDIUM

CVSS:6.8(Medium)

Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of p...

CWE-2942020

CVE-2020-4042

MEDIUM

CVSS:6.8(Medium)

Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connec...

CWE-2942020

CVE-2020-5261

MEDIUM

CVSS:6.8(Medium)

Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection...

CWE-2942020

CVE-2021-40170

MEDIUM

CVSS:6.8(Medium)

An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by repla...

CWE-2942021

CVE-2022-30467

MEDIUM

CVSS:6.8(Medium)

Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF.

CWE-2942022

CVE-2022-47930

MEDIUM

CVSS:6.8(Medium)

An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easie...

CWE-2942022