CVE-2020-24722 - OpenCVE

An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause metadata deanonymization and risk-score inflation. NOTE: the vendor's position is "We do not believe that TX power authentication would be a useful defense against relay attacks.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Exposure Notifications Project	Exposure Notifications

Configuration 1 [-]

OR	cpe:2.3:a:exposure_notifications_project:exposure_notifications::::::android::*
	cpe:2.3:a:exposure_notifications_project:exposure_notifications::::::iphone_os::*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/159496/GAEN-Protocol-Metadata-Deanonymization-Risk-Score-Inflation.html
http://seclists.org/fulldisclosure/2020/Oct/12
https://blog.google/inside-google/company-announcements/update-exposure-notifications
https://github.com/google/exposure-notifications-internals/blob/main/en-risks-and-mitigations-faq.md#additional-considerations

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-10-07T14:07:36

Updated: 2024-08-04T15:19:09.383Z

Reserved: 2020-08-27T00:00:00

Link: CVE-2020-24722

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-10-07T15:15:12.553

Modified: 2024-08-04T16:15:22.813

Link: CVE-2020-24722

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause metadata deanonymization and risk-score inflation. NOTE: the vendor's position is \"We do not believe that TX power authentication would be a useful defense against relay attacks."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-07T17:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://blog.google/inside-google/company-announcements/update-exposure-notifications"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2020/Oct/12"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/google/exposure-notifications-internals/blob/main/en-risks-and-mitigations-faq.md#additional-considerations"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/159496/GAEN-Protocol-Metadata-Deanonymization-Risk-Score-Inflation.html"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24722", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause metadata deanonymization and risk-score inflation. NOTE: the vendor's position is \"We do not believe that TX power authentication would be a useful defense against relay attacks.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://blog.google/inside-google/company-announcements/update-exposure-notifications", "refsource": "MISC", "url": "https://blog.google/inside-google/company-announcements/update-exposure-notifications"}, {"name": "http://seclists.org/fulldisclosure/2020/Oct/12", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2020/Oct/12"}, {"name": "https://github.com/google/exposure-notifications-internals/blob/main/en-risks-and-mitigations-faq.md#additional-considerations", "refsource": "MISC", "url": "https://github.com/google/exposure-notifications-internals/blob/main/en-risks-and-mitigations-faq.md#additional-considerations"}, {"name": "http://packetstormsecurity.com/files/159496/GAEN-Protocol-Metadata-Deanonymization-Risk-Score-Inflation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/159496/GAEN-Protocol-Metadata-Deanonymization-Risk-Score-Inflation.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:19:09.383Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.google/inside-google/company-announcements/update-exposure-notifications"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Oct/12"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/google/exposure-notifications-internals/blob/main/en-risks-and-mitigations-faq.md#additional-considerations"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/159496/GAEN-Protocol-Metadata-Deanonymization-Risk-Score-Inflation.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24722", "datePublished": "2020-10-07T14:07:36", "dateReserved": "2020-08-27T00:00:00", "dateUpdated": "2024-08-04T15:19:09.383Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:exposure_notifications_project:exposure_notifications:*:*:*:*:*:android:*:*", "matchCriteriaId": "59CFB73A-D00F-4527-BC13-DA45DE5F7175", "versionEndIncluding": "2020-10-05", "vulnerable": true}, {"criteria": "cpe:2.3:a:exposure_notifications_project:exposure_notifications:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "232A4EE9-1F2B-4672-BEA7-1663E87F6A0B", "versionEndIncluding": "2020-10-05", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause metadata deanonymization and risk-score inflation. NOTE: the vendor's position is \"We do not believe that TX power authentication would be a useful defense against relay attacks."}, {"lang": "es", "value": "**EN DISPUTA** Se detect\u00f3 un problema en el protocolo GAEN (tambi\u00e9n se conoce como Google/Apple Exposure Notifications) hasta el 05/10/2020, tal como es usado en las aplicaciones COVID-19 en Android e iOS. El bloque de metadatos cifrados con un valor TX carece de un checksum, permitiendo a bitflipping amplificar un ataque de contaminaci\u00f3n. Esto puede causar una desanonimizaci\u00f3n de los metadatos y la inflaci\u00f3n de la puntuaci\u00f3n de riesgo. NOTA: la posici\u00f3n del proveedor es \"No creemos que la autenticaci\u00f3n de energ\u00eda TX sea una defensa \u00fatil contra los ataques de retransmisi\u00f3n\""}], "id": "CVE-2020-24722", "lastModified": "2024-08-04T16:15:22.813", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-07T15:15:12.553", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/159496/GAEN-Protocol-Metadata-Deanonymization-Risk-Score-Inflation.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Oct/12"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://blog.google/inside-google/company-announcements/update-exposure-notifications"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/google/exposure-notifications-internals/blob/main/en-risks-and-mitigations-faq.md#additional-considerations"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-294"}], "source": "nvd@nist.gov", "type": "Primary"}]}