admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-240xx/CVE-2020-24051.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

151 lines
4.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-24051",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-08-21T15:15:12.773",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issue to execute privileged operations without authentication, for instance, to create a new Administrator user."
},
{
"lang": "es",
"value": "Las unidades EXVF5C-2 y EXVP7C2-3 de la Serie Moog EXO, admiten el protocolo de seguridad f\u00edsica basado en IP de interoperabilidad ONVIF, que requiere autenticaci\u00f3n para algunas de sus operaciones. Se encontr\u00f3 que la comprobaci\u00f3n de autenticaci\u00f3n para esas operaciones ONVIF puede ser omitida. Un atacante puede abusar de este problema para ejecutar operaciones privilegiadas sin autenticaci\u00f3n, por ejemplo, para crear un nuevo usuario Administrador."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:moog:exvf5c-2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF20FE0F-EDB8-4BA4-A3B3-D141F2B01541"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:moog:exvf5c-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69235D77-74E9-4D65-BB46-83BE55DDCCD8"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:moog:exvp7c2-3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F1521A-7795-438F-9EBD-8C866A856FAA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:moog:exvp7c2-3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DDBEF0A-717F-4564-A05D-17164EA6D6AA"
}
]
}
]
}
],
"references": [
{
"url": "https://ioac.tv/3hy1xu6",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://ioactive.com/moog-exo-series-multiple-vulnerabilities/",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink