CVE-2020-24387

7.5 HIGH

📋 TL;DR

This vulnerability in yubihsm-shell allows attackers to cause out-of-bounds memory operations by exploiting unchecked session IDs returned from YubiHSM devices. This can lead to denial of service attacks against systems using YubiHSM hardware security modules. Organizations using yubihsm-shell versions through 2.0.2 for HSM management are affected.

💻 Affected Systems

Products:
  • yubihsm-shell
Versions: All versions through 2.0.2
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires yubihsm-shell to be installed and accessible. The vulnerability is in the client software, not the YubiHSM hardware itself.

📦 What is this software?

yubihsm-shell is Yubico's client software for managing YubiHSM hardware security modules. The flaw described here is in that client software, not in the YubiHSM device itself.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system crash or service disruption of the yubihsm-shell process, potentially affecting HSM-dependent applications and services.

🟠 Likely Case

Denial of service affecting yubihsm-shell operations, requiring a process restart and potentially disrupting HSM management tasks.

🟢 If Mitigated

Minimal impact if proper access controls limit who can interact with yubihsm-shell and affected versions are not internet-facing.

🌐 Internet-Facing: MEDIUM - While the vulnerability requires access to yubihsm-shell, internet-facing HSM management interfaces could be targeted.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems with yubihsm-shell access could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires access to yubihsm-shell and ability to interact with YubiHSM devices. The vulnerability details and proof-of-concept are publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.3 and later

Vendor Advisory: https://www.yubico.com/support/security-advisories/ysa-2020-06/

Restart Required: Yes

Instructions:

1. Download yubihsm-shell 2.0.3 or later from Yubico's GitHub repository.
2. Stop any running yubihsm-shell processes.
3. Install the updated version following the platform-specific installation instructions.
4. Restart affected services that use yubihsm-shell.

🔧 Temporary Workarounds

Restrict yubihsm-shell access (Linux)

Limit access to yubihsm-shell to only authorized administrators and systems:

chmod 750 /usr/bin/yubihsm-shell
setfacl -m u:admin:rx /usr/bin/yubihsm-shell

Replace admin with the administrative account on your system and adjust the binary path if yubihsm-shell is installed elsewhere.

Network segmentation (all platforms)

Isolate systems running yubihsm-shell from untrusted networks.

🧯 If You Can't Patch

  • Implement strict access controls to limit who can execute yubihsm-shell commands
  • Monitor yubihsm-shell processes for abnormal behavior or crashes

🔍 How to Verify

Check if Vulnerable:

Run 'yubihsm-shell --version' and check if version is 2.0.2 or earlier

Check Version:

yubihsm-shell --version

Verify Fix Applied:

Run 'yubihsm-shell --version' and confirm version is 2.0.3 or later

📡 Detection & Monitoring

Log Indicators:

  • yubihsm-shell process crashes
  • segmentation faults in yubihsm-shell logs
  • abnormal session creation failures

Network Indicators:

  • Unusual connections to YubiHSM devices
  • Multiple failed session establishment attempts

SIEM Query:

process_name:"yubihsm-shell" AND (event_type:"crash" OR exit_code:139)

Exit code 139 is the shell's encoding of termination by SIGSEGV (128 + 11), so this clause matches segmentation faults reported by the process supervisor; adjust the field names to your SIEM's schema.
