From 91e30339576e3c9f7146e2f2a59893013ec3b9f9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 18 Feb 2021 00:00:40 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/12xxx/CVE-2020-12878.json | 66 +++++++++++++++++++++++--- 2020/9xxx/CVE-2020-9306.json | 85 +++++++++++++++++++++++++++++++--- 2 files changed, 139 insertions(+), 12 deletions(-) diff --git a/2020/12xxx/CVE-2020-12878.json b/2020/12xxx/CVE-2020-12878.json index 6d523d79582..3ce5e00a3d5 100644 --- a/2020/12xxx/CVE-2020-12878.json +++ b/2020/12xxx/CVE-2020-12878.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-12878", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-12878", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/fireeye/Vulnerability-Disclosures", + "refsource": "MISC", + "name": "https://github.com/fireeye/Vulnerability-Disclosures" + }, + { + "url": "https://www.digi.com/support/productdetail?pid=5570", + "refsource": "MISC", + "name": "https://www.digi.com/support/productdetail?pid=5570" + }, + { + "refsource": "MISC", + "name": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0020/FEYE-2020-0020.md", + "url": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0020/FEYE-2020-0020.md" } ] } diff --git a/2020/9xxx/CVE-2020-9306.json b/2020/9xxx/CVE-2020-9306.json index 18e61618bf5..230432555c2 100644 --- a/2020/9xxx/CVE-2020-9306.json +++ b/2020/9xxx/CVE-2020-9306.json @@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-9306", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-9306", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a \"Use of Hard-coded Credentials\" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.fireeye.com/blog/threat-research.html", + "refsource": "MISC", + "name": "https://www.fireeye.com/blog/threat-research.html" + }, + { + "refsource": "MISC", + "name": "https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-one.html", + "url": "https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-one.html" + }, + { + "refsource": "MISC", + "name": "https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-two.html", + "url": "https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-two.html" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0019/FEYE-2020-0019.md", + "url": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0019/FEYE-2020-0019.md" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file