CVSS v3.1 Statistics for Zephyr Project

17
136
17
97
Reference
71.3
CVE CNA Value Alignment NIST Value Reason
CVE-2020-10019(5 of 8) Attack Vector (AV) Local Attack Vector (AV) Local
Attack Complexity (AC) High Attack Complexity (AC) Low No Race Condition, implemenatation specific secrets required or MiTM identified for NVD analyst
Privileges Required (PR) None Privileges Required (PR) Low Local attacker typically implies some privilege level needed
User Interaction (UI) None User Interaction (UI) None
Scope (S) Changed Scope (S) Unchanged Unclear if Scope change occurs. No identification of security boundaries being crossed.
Confidentiality (C) High Confidentiality (C) High
Integrity (I) High Integrity (I) High
Availability (A) High Availability (A) High
CVE-2020-10021(5 of 8) Attack Vector (AV) Local Attack Vector (AV) Local
Attack Complexity (AC) High Attack Complexity (AC) Low No Race Condition, implemenatation specific secrets required or MiTM identified for NVD analyst
Privileges Required (PR) None Privileges Required (PR) Low Local attacker typically implies some privilege level needed
User Interaction (UI) None User Interaction (UI) None
Scope (S) Changed Scope (S) Unchanged Unclear if Scope change occurs. No identification of security boundaries being crossed.
Confidentiality (C) High Confidentiality (C) High
Integrity (I) High Integrity (I) High
Availability (A) High Availability (A) High
CVE-2020-10022(6 of 8) Attack Vector (AV) Network Attack Vector (AV) Network
Attack Complexity (AC) High Attack Complexity (AC) Low No Race Condition, implemenatation specific secrets required or MiTM identified for NVD analyst
Privileges Required (PR) None Privileges Required (PR) None
User Interaction (UI) None User Interaction (UI) None
Scope (S) Changed Scope (S) Unchanged Unclear if Scope change occurs. No identification of security boundaries being crossed.
Confidentiality (C) High Confidentiality (C) High
Integrity (I) High Integrity (I) High
Availability (A) High Availability (A) High
CVE-2020-10023(4 of 8) Attack Vector (AV) Physical Attack Vector (AV) Physical
Attack Complexity (AC) High Attack Complexity (AC) Low No Race Condition, implemenatation specific secrets required or MiTM identified for NVD analyst
Privileges Required (PR) Low Privileges Required (PR) None No privileges needed by attacker identified by NVD analyst
User Interaction (UI) Required User Interaction (UI) None User Interaction not identified
Scope (S) Changed Scope (S) Unchanged Unclear if Scope change occurs. No identification of security boundaries being crossed.
Confidentiality (C) High Confidentiality (C) High
Integrity (I) High Integrity (I) High
Availability (A) High Availability (A) High
CVE-2020-10024(6 of 8) Attack Vector (AV) Local Attack Vector (AV) Local
Attack Complexity (AC) High Attack Complexity (AC) Low No Race Condition, implemenatation specific secrets required or MiTM identified for NVD analyst
Privileges Required (PR) Low Privileges Required (PR) Low
User Interaction (UI) None User Interaction (UI) None
Scope (S) Changed Scope (S) Unchanged Unclear if Scope change occurs. No identification of security boundaries being crossed.
Confidentiality (C) High Confidentiality (C) High
Integrity (I) High Integrity (I) High
Availability (A) High Availability (A) High
CVE-2020-10027(6 of 8) Attack Vector (AV) Local Attack Vector (AV) Local
Attack Complexity (AC) High Attack Complexity (AC) Low No Race Condition, implemenatation specific secrets required or MiTM identified for NVD analyst
Privileges Required (PR) Low Privileges Required (PR) Low
User Interaction (UI) None User Interaction (UI) None
Scope (S) Changed Scope (S) Unchanged Unclear if Scope change occurs. No identification of security boundaries being crossed.
Confidentiality (C) High Confidentiality (C) High
Integrity (I) High Integrity (I) High
Availability (A) High Availability (A) High
CVE-2020-10028(6 of 8) Attack Vector (AV) Local Attack Vector (AV) Local
Attack Complexity (AC) High Attack Complexity (AC) Low No Race Condition, implemenatation specific secrets required or MiTM identified for NVD analyst
Privileges Required (PR) Low Privileges Required (PR) Low
User Interaction (UI) None User Interaction (UI) None
Scope (S) Changed Scope (S) Unchanged Unclear if Scope change occurs. No identification of security boundaries being crossed.
Confidentiality (C) High Confidentiality (C) High
Integrity (I) High Integrity (I) High
Availability (A) High Availability (A) High
CVE-2020-10058(6 of 8) Attack Vector (AV) Local Attack Vector (AV) Local
Attack Complexity (AC) High Attack Complexity (AC) Low No Race Condition, implemenatation specific secrets required or MiTM identified for NVD analyst
Privileges Required (PR) Low Privileges Required (PR) Low
User Interaction (UI) None User Interaction (UI) None
Scope (S) Changed Scope (S) Unchanged Unclear if Scope change occurs. No identification of security boundaries being crossed.
Confidentiality (C) High Confidentiality (C) High
Integrity (I) High Integrity (I) High
Availability (A) High Availability (A) High
CVE-2020-10059(8 of 8) Attack Vector (AV) Network Attack Vector (AV) Network
Attack Complexity (AC) High Attack Complexity (AC) High
Privileges Required (PR) None Privileges Required (PR) None
User Interaction (UI) None User Interaction (UI) None
Scope (S) Unchanged Scope (S) Unchanged
Confidentiality (C) Low Confidentiality (C) Low
Integrity (I) None Integrity (I) None
Availability (A) Low Availability (A) Low
CVE-2020-10060(5 of 8) Attack Vector (AV) Network Attack Vector (AV) Network
Attack Complexity (AC) High Attack Complexity (AC) Low No Race Condition, implemenatation specific secrets required or MiTM identified for NVD analyst
Privileges Required (PR) High Privileges Required (PR) High
User Interaction (UI) None User Interaction (UI) None
Scope (S) Changed Scope (S) Unchanged Unclear if Scope change occurs. No identification of security boundaries being crossed.
Confidentiality (C) High Confidentiality (C) High
Integrity (I) High Integrity (I) None No limiting factors for integrity listed
Availability (A) High Availability (A) High
CVE-2020-10061(5 of 8) Attack Vector (AV) Local Attack Vector (AV) Adjacent Network Bluetooth, 800.11 or limitation to local logical network communcations identified
Attack Complexity (AC) High Attack Complexity (AC) Low No Race Condition, implemenatation specific secrets required or MiTM identified for NVD analyst
Privileges Required (PR) None Privileges Required (PR) None
User Interaction (UI) None User Interaction (UI) None
Scope (S) Changed Scope (S) Unchanged Unclear if Scope change occurs. No identification of security boundaries being crossed.
Confidentiality (C) High Confidentiality (C) High
Integrity (I) High Integrity (I) High
Availability (A) High Availability (A) High
CVE-2020-10062(6 of 8) Attack Vector (AV) Network Attack Vector (AV) Network
Attack Complexity (AC) High Attack Complexity (AC) Low No Race Condition, implemenatation specific secrets required or MiTM identified for NVD analyst
Privileges Required (PR) None Privileges Required (PR) None
User Interaction (UI) None User Interaction (UI) None
Scope (S) Changed Scope (S) Unchanged Unclear if Scope change occurs. No identification of security boundaries being crossed.
Confidentiality (C) High Confidentiality (C) High
Integrity (I) High Integrity (I) High
Availability (A) High Availability (A) High
CVE-2020-10063(6 of 8) Attack Vector (AV) Network Attack Vector (AV) Network
Attack Complexity (AC) High Attack Complexity (AC) Low No Race Condition, implemenatation specific secrets required or MiTM identified for NVD analyst
Privileges Required (PR) None Privileges Required (PR) None
User Interaction (UI) None User Interaction (UI) None
Scope (S) Changed Scope (S) Unchanged Unclear if Scope change occurs. No identification of security boundaries being crossed.
Confidentiality (C) None Confidentiality (C) None
Integrity (I) None Integrity (I) None
Availability (A) High Availability (A) High
CVE-2020-10067(5 of 8) Attack Vector (AV) Local Attack Vector (AV) Local
Attack Complexity (AC) High Attack Complexity (AC) Low No Race Condition, implemenatation specific secrets required or MiTM identified for NVD analyst
Privileges Required (PR) Low Privileges Required (PR) Low
User Interaction (UI) Required User Interaction (UI) None User Interaction not identified
Scope (S) Changed Scope (S) Unchanged Unclear if Scope change occurs. No identification of security boundaries being crossed.
Confidentiality (C) High Confidentiality (C) High
Integrity (I) High Integrity (I) High
Availability (A) High Availability (A) High
CVE-2020-10068(6 of 8) Attack Vector (AV) Local Attack Vector (AV) Adjacent Network Bluetooth, 800.11 or limitation to local logical network communcations identified
Attack Complexity (AC) High Attack Complexity (AC) Low No Race Condition, implemenatation specific secrets required or MiTM identified for NVD analyst
Privileges Required (PR) None Privileges Required (PR) None
User Interaction (UI) None User Interaction (UI) None
Scope (S) Unchanged Scope (S) Unchanged
Confidentiality (C) None Confidentiality (C) None
Integrity (I) None Integrity (I) None
Availability (A) High Availability (A) High
CVE-2020-10070(6 of 8) Attack Vector (AV) Network Attack Vector (AV) Network
Attack Complexity (AC) High Attack Complexity (AC) Low No Race Condition, implemenatation specific secrets required or MiTM identified for NVD analyst
Privileges Required (PR) None Privileges Required (PR) None
User Interaction (UI) None User Interaction (UI) None
Scope (S) Changed Scope (S) Unchanged Unclear if Scope change occurs. No identification of security boundaries being crossed.
Confidentiality (C) High Confidentiality (C) High
Integrity (I) High Integrity (I) High
Availability (A) High Availability (A) High
CVE-2020-10071(6 of 8) Attack Vector (AV) Network Attack Vector (AV) Network
Attack Complexity (AC) High Attack Complexity (AC) Low No Race Condition, implemenatation specific secrets required or MiTM identified for NVD analyst
Privileges Required (PR) None Privileges Required (PR) None
User Interaction (UI) None User Interaction (UI) None
Scope (S) Changed Scope (S) Unchanged Unclear if Scope change occurs. No identification of security boundaries being crossed.
Confidentiality (C) High Confidentiality (C) High
Integrity (I) High Integrity (I) High
Availability (A) High Availability (A) High