nvd-json-data-feeds/CVE-2020/CVE-2020-116xx/CVE-2020-11625.json

{
  "id": "CVE-2020-11625",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-07-23T21:15:11.833",
  "lastModified": "2020-07-29T17:08:25.023",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Failed web UI login attempts elicit different responses depending on whether a user account exists. Because the responses indicate whether a submitted username is valid or not, they make it easier to identify legitimate usernames. If a login request is sent to ISAPI/Security/sessionLogin/capabilities using a username that exists, it will return the value of the salt given to that username, even if the password is incorrect. However, if a login request is sent using a username that is not present in the database, it will return an empty salt value. This allows attackers to enumerate legitimate usernames, facilitating brute-force attacks. NOTE: this is different from CVE-2020-7057."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 y Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Los intentos fallidos de inicio de sesi\u00f3n de la Interfaz de Usuario web provocan respuestas diferentes dependiendo de si existe una cuenta de usuario. Debido a que las respuestas indican si un nombre de usuario enviado es v\u00e1lido o no, facilitando la identificaci\u00f3n de nombres de usuario leg\u00edtimos. Si una petici\u00f3n de inicio de sesi\u00f3n es enviada a ISAPI/Security/sessionLogin/capabilities usando un nombre de usuario que existe, devolver\u00e1 el valor de la sal dado a ese nombre de usuario, inclusive si la contrase\u00f1a es incorrecta. Sin embargo, si una petici\u00f3n de inicio de sesi\u00f3n es enviada utilizando un nombre de usuario que no est\u00e1 presente en la base de datos, devolver\u00e1 un valor de sal vac\u00edo. Esto permite a atacantes enumerar nombres de usuario leg\u00edtimos, facilitando ataques de fuerza bruta. NOTA: esto es diferente de CVE-2020-7057"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:avertx:hd838_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B511526-D9AF-41D3-8C58-ED591FB6D28A"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:avertx:hd838:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "02958C46-401D-478F-A217-BCA0B0E4899F"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:avertx:hd438_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "79C42137-9911-47AC-B051-5FAC413711AD"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:avertx:hd438:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF06CB88-3801-4319-93D3-285C4CBC6F8F"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://unit42.paloaltonetworks.com/avertx-ip-cameras-vulnerabilities/",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ]
    }
  ]
}