nvd-json-data-feeds/CVE-2020/CVE-2020-150xx/CVE-2020-15027.json

{
  "id": "CVE-2020-15027",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-07-16T15:15:27.923",
  "lastModified": "2020-07-24T12:39:11.520",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts. This was patched in 2020.7 and in a hotfix for 2019.12."
    },
    {
      "lang": "es",
      "value": "ConnectWise Automate versiones hasta 2020.x, presenta una comprobaci\u00f3n insuficiente en determinadas rutas de autenticaci\u00f3n, permitiendo una omisi\u00f3n de autenticaci\u00f3n por medio de una serie de intentos. Esto fue parcheado en versi\u00f3n 2020.7 y en una revisi\u00f3n para la versi\u00f3n 2019.12"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:connectwise:automate:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "2019.12",
              "matchCriteriaId": "7193C82E-A3AD-4BBA-AB48-C84D0FD3EAF9"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:connectwise:automate:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "2020.0",
              "versionEndIncluding": "2020.7",
              "matchCriteriaId": "05BF9CB5-50FB-43E8-9839-42835BBFC4F9"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://slagle.tech/2020/07/06/cve-2020-15027/",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}