CVE•Published 2020-11-18•Modified 2026-06-05•0 articles on news•6 live references•NVD data

CVE-2020-13799Westerndigital · Inand_cl_em132_firmware

Vulnerability data via NVD (ingested)

CVSS v3.1

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS percentile

Exploit Prediction Scoring System · top 83% of all CVEs

Weaknesses (CWE)

CWE-294Authentication Bypass by Capture-replay

Description

Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the knowledge of the trusted component that uses the RPMB feature.

Timeline

Published 2020-11-18

Modified 2026-06-05

External references

NVD MITRE Exploit-DB Sploitus trickest/cve VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2020-13799

Hosts Shodan has explicitly fingerprinted as vulnerable.

Shodan · OS

os:"Inand Cl Em132 Firmware"

Hosts Shodan identified as running Inand Cl Em132 Firmware.

More intel sources (5)

Shodan report

vuln:CVE-2020-13799

Country / ASN / product breakdown for the vuln query.

Censys

vulnerabilities.cve_id: CVE-2020-13799