CVE-2020-15858 : Security Advisory and Response

Learn about CVE-2020-15858, a vulnerability in Thales DIS devices allowing Directory Traversal by physically proximate attackers. Find out the impact, affected systems, exploitation mechanism, and mitigation steps.

CVE-2020-15858 is a vulnerability found in some devices of Thales DIS (formerly Gemalto, formerly Cinterion) that allows Directory Traversal by physically proximate attackers. This article provides insights into the nature of the vulnerability, its impact, technical details, and mitigation strategies.

Understanding CVE-2020-15858

This section delves into the specifics of the CVE-2020-15858 vulnerability.

What is CVE-2020-15858?

The vulnerability in Thales DIS devices enables physically proximate attackers to bypass the directory path access check of the internal flash file system, potentially compromising sensitive data stored within.

The Impact of CVE-2020-15858

The vulnerability poses a medium severity risk with high confidentiality and integrity impacts, making it crucial to address promptly.

Technical Details of CVE-2020-15858

Explore the technical aspects of CVE-2020-15858 in this section.

Vulnerability Description

The flaw allows attackers to perform Directory Traversal on affected devices, potentially accessing critical data stored in the flash file system.

Affected Systems and Versions

The vulnerability affects various Thales DIS products and releases, including BGS5, EHSx, PDSx, ELS61, ELS81, and PLS62 up to specific software versions.

Exploitation Mechanism

Attackers can exploit this vulnerability through physical proximity to the device, circumventing directory path access controls.

Mitigation and Prevention

Discover the steps to mitigate and prevent CVE-2020-15858 in this section.

Immediate Steps to Take

        Implement access controls to restrict physical proximity to vulnerable devices.
        Regularly monitor and audit access to the flash file system.
        Apply security updates and patches provided by Thales DIS.

Long-Term Security Practices

        Conduct regular security assessments and penetration testing on IoT devices.
        Educate users on secure device handling practices to prevent physical attacks.

Patching and Updates

Ensure timely installation of security updates and patches released by Thales DIS to address the CVE-2020-15858 vulnerability.
