CVE-2020-11723
First published: Tue Apr 14 2020(Updated: )
Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto target devices when performing a forensic extraction.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cellebrite UFED | >=5.0<=7.29 | |
| Cellebrite UFED |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-11723?
CVE-2020-11723 has a critical severity level due to the hardcoded RSA private keys allowing unauthorized access to ADB daemons on target devices.
How do I fix CVE-2020-11723?
To remediate CVE-2020-11723, upgrade to Cellebrite UFED version 7.30 or later, which addresses the vulnerability.
What are the implications of CVE-2020-11723?
The implications of CVE-2020-11723 include the potential for unauthorized evidence manipulation on forensic extracted devices.
Which versions of Cellebrite UFED are affected by CVE-2020-11723?
CVE-2020-11723 affects Cellebrite UFED versions from 5.0 to 7.29.
How can attackers exploit CVE-2020-11723?
Attackers can exploit CVE-2020-11723 by using the hardcoded RSA keys to authenticate to the ADB daemon and manipulate data on target devices.
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cellebrite
- canonical/cellebrite ufed
- version/cellebrite ufed/5.0
- version/cellebrite ufed/7.29