CVE-2020-10759

MEDIUM

Red Hat Enterprise Linux - PGP Signature Verification Bypass in fwupd

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-10759. PoCs published by justinsteven.

AI-analyzed exploit summary This PoC exploits CVE-2020-10759, a PGP signature verification bypass in `fwupd`. It demonstrates how an attacker can serve malicious firmware metadata with forged signatures, bypassing validation due to improper handling of detached vs. non-detached signatures.

Description

A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.

Exploits (1)

nomisec WORKING POC
by justinsteven · poc
https://github.com/justinsteven/CVE-2020-10759-poc

This PoC exploits CVE-2020-10759, a PGP signature verification bypass in `fwupd`. It demonstrates how an attacker can serve malicious firmware metadata with forged signatures, bypassing validation due to improper handling of detached vs. non-detached signatures.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: fwupd (versions prior to fix for CVE-2020-10759)
No auth needed
Prerequisites: Network access to target system's firmware update mechanism · Ability to intercept or redirect firmware metadata requests
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 6.0
EPSS 0.0049
EPSS Percentile 38.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-347
Status published
Products (2)
redhat/enterprise_linux 7.0
redhat/enterprise_linux 8.0
Published Sep 15, 2020
Tracked Since Feb 18, 2026