SAUCS is a Search Engine for Security Vulnerabilities (CVE Database)

Every so often we hear about critical security vulnerabilities in the news, but new ones are actually discovered daily, so it would be nice to have some sort of search engine to find out which known security vulnerabilities a given product or processor may have before purchasing it, or even more importantly starting a project.

SAUCS does just that by having robots check the CVE update list, parse the XML feed and format it. You can search for products or processors, or subscribe to the vendors and products you want, and receive an email as soon as new changes are detected.

SAUCS MDM9206 CVE

I found out about SAUCS thanks to a comment from Thomas who pointed out the Qualcomm MDM9607 processor found in Quectel EC25 LTE module had a fairly long list of CVE (Common Vulnerabilities and Exposures) entries while using the default? firmware as shown in the screenshot above. Each CVE entry is ranked by its CVSS (Common Vulnerability Scoring System) score.

CVSS Score Rating
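The following is an added example, not SAUCS's own code: it parses a feed, matches entries against a vendor/product watch list, reports only new or changed entries, and ranks them by CVSS v3 severity band. The feed layout, the CVE ids, dates and scores, and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted feeds, a hardened parser such as defusedxml is safer

# Constructed sample feed: simplified layout, placeholder CVE ids and scores (not real data).
FEED = """<feed>
 <entry id="CVE-0000-0001" modified="2019-04-04" cvss="9.8"><cpe>cpe:2.3:h:raspberrypi:pi_3:-:*:*:*:*:*:*:*</cpe></entry>
 <entry id="CVE-0000-0002" modified="2019-03-01" cvss="5.5"><cpe>cpe:2.3:o:qualcomm:mdm9607:-:*:*:*:*:*:*:*</cpe></entry>
 <entry id="CVE-0000-0003" modified="2019-03-02" cvss="7.8"><cpe>cpe:2.3:o:qualcomm:mdm9206:-:*:*:*:*:*:*:*</cpe></entry>
 <entry id="CVE-0000-0004" modified="2019-03-03" cvss="6.1"><cpe>cpe:2.3:a:othervendor:app:1.0:*:*:*:*:*:*:*</cpe></entry>
</feed>"""

def severity(score):
    """Map a CVSS v3 base score to its qualitative rating."""
    for floor, name in ((9.0, "CRITICAL"), (7.0, "HIGH"), (4.0, "MEDIUM"), (0.1, "LOW")):
        if score >= floor:
            return name
    return "NONE"

def parse_feed(xml_text):
    """Return one dict per entry with id, modified date, score and (vendor, product) pairs."""
    entries = []
    for e in ET.fromstring(xml_text).iter("entry"):
        targets = set()
        for cpe in e.iter("cpe"):
            # CPE 2.3 layout: cpe:2.3:<part>:<vendor>:<product>:<version>:...
            # Simplification: a plain split ignores escaped colons ("\:") in field values.
            parts = (cpe.text or "").strip().split(":")
            if len(parts) >= 5 and parts[:2] == ["cpe", "2.3"]:
                targets.add((parts[3], parts[4]))
        entries.append({"id": e.get("id"), "modified": e.get("modified"),
                        "score": float(e.get("cvss", "0")), "targets": targets})
    return entries

def alerts(entries, watchlist, seen):
    """Return new or changed watched entries as (id, score, rating), highest score first.

    watchlist: set of (vendor, product); product None means every product of that vendor.
    seen: dict of CVE id -> modified date already reported; updated in place.
    """
    hits = []
    for ent in entries:
        watched = any((v, p) in watchlist or (v, None) in watchlist for v, p in ent["targets"])
        if watched and seen.get(ent["id"]) != ent["modified"]:
            seen[ent["id"]] = ent["modified"]
            hits.append((ent["id"], ent["score"], severity(ent["score"])))
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    state = {}
    for hit in alerts(parse_feed(FEED), {("qualcomm", None), ("raspberrypi", "pi_3")}, state):
        print(*hit)
```

Persisting `seen` between runs is what turns the ranking into a change notification: a second pass over an unchanged feed reports nothing, while an entry whose modified date moves is reported again.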

It’s an interesting tool, but one should be aware of its limitations, as it’s only as good as the public information available. For example, if you search for Allwinner, you’ll find only three medium severity CVE entries, which is unlikely to reflect reality. That means it will be most useful for searching better-known products, services, or processors.

While searching for Raspberry Pi I only found one CVE entry but it is reported as being critical.

Raspberry Pi 3 Critical Security Vulnerability

It was first published on April 04 of this year with the following description:

The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register via inter-processor debugging. With a debug host processor A running in non-secure EL1 and a debug target processor B running in any privilege level, the debugging feature allows A to halt B and promote B to any privilege level. As a debug host, A has full control of B even if B owns a higher privilege level than A. Accordingly, A can read/write any EL3 memory/register via B. Also, with this memory access, A can execute arbitrary code in EL3.

A whitepaper entitled Understanding the security of Arm debugging features explains how to implement what they call a NAILGUN attack. It affects not only the Raspberry Pi 3 B+ but also other hardware like the Arm Juno development board, miniNodes and Packet Arm servers based on Huawei Kirin 620 and Cavium ThunderX respectively, and mobile devices from Google, Samsung, Xiaomi, Huawei, and Motorola. The NAILGUN attack does not rely on software bugs, so it’s an issue in Arm debugging features. There are counter-measures which can be implemented.

You can play with SAUCS yourself to find security vulnerabilities that may affect your devices.

junari
Guest

Top total CVE:
Microsoft 6484
Oracle 5899
Ibm 4427
Apple 4369
Google 4159
Cisco 3942
Debian 3331
Adobe 3013
Redhat 2763
Linux 2258
Oh, sh*t. Or not?

tkaiser
Guest

This type of ‘statistics’ is rather useless given the many different kinds of ‘products’ the various ‘vendors’ provide.

Such vendor stuff is only interesting if you for example happen to be in the unfortunate position having to rely on network gear with known government backdoors and vulnerabilities that have to remain open due to agency requirements. Then you clearly want to monitor https://www.saucs.com/cve?vendor=cisco or even better configure notification alerts for the vendor in question 🙂

Jon Smirl
Member

How fast they are patched is much more important than the number. Internet exposed Linux systems are under constant attack. In general the Linux based systems are quickly patched. Other vendors are not so quick with their fixes.

RK
Guest

Considering the install base and target quality, Oracle is doing horribly while Microsoft is doing surprisingly well.

As for IBM, I’m guessing they’re issuing CVEs for their on-retainer / military systems so they mirror many Linux/Redhat, Oracle et cetera issues? Hard to explain it otherwise.