DEBIAN-CVE-2020-10759
PUBLISHED
CVSS 6 MEDIUM
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or not enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.
Risk Scores
CVSS v3.1
6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | libjcat | 0, 0, 0 |
| Debian:13 | fwupd | 0, 0, 0 |
| Debian:14 | libjcat | 0, 0, 0 |
| Debian:11 | fwupd | 0, 0, 0 |
| Debian:12 | libjcat | 0, 0, 0 |
| Debian:14 | fwupd | 0, 0, 0 |
| Debian:11 | libjcat | 0, 0, 0 |
| Debian:12 | fwupd | 0, 0, 0 |
Timeline
- Sep 15, 2020 CVE Published
- Apr 28, 2026 CVE Updated