CVE-2020-14474
Severity: HIGH
Cellebrite UFED Firmware 5.0-7.5.0.845 - Use of Hard-coded Credentials
Description
The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material that is hardcoded both within the executable code supporting the decryption process and, through a key enveloping technique, within the encrypted files themselves. The recovered key material is the same for every device running the same version of the software, and does not appear to be changed with each new build. It is possible to reconstruct the decryption process using the hardcoded key material and obtain easy access to otherwise protected data.
References (3)
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2020/Jun/31
Exploit, Third Party Advisory x_refsource_misc
https://korelogic.com/Resources/Advisories/KL-001-2020-003.txt
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/158254/Cellebrite-EPR-Decryption-Hardcoded-AES-Key-Material.html
Scores
CVSS v3: 7.5
EPSS: 0.0251
EPSS Percentile: 82.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-798
Status: published
Products (1): cellebrite/ufed_firmware, versions 5.0 - 7.5.0.845
Published: Jun 30, 2020
Tracked Since: Feb 18, 2026