mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-07 05:28:59 +00:00
193 lines
5.9 KiB
JSON
193 lines
5.9 KiB
JSON
{
|
|
"id": "CVE-2020-8232",
|
|
"sourceIdentifier": "support@hackerone.com",
|
|
"published": "2020-08-17T16:15:13.780",
|
|
"lastModified": "2021-09-23T13:57:02.790",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An information disclosure vulnerability exists in EdgeMax EdgeSwitch firmware v1.9.0 that allowed read only users could obtain unauthorized information through SNMP community pages."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el firmware EdgeMax EdgeSwitch versi\u00f3n v1.9.0, que permit\u00eda a unos usuarios de solo lectura poder obtener informaci\u00f3n no autorizada por medio de las p\u00e1ginas de una comunidad SNMP."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.0
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-200"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "support@hackerone.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-200"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ui:edgeswitch_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "1.9.0",
|
|
"matchCriteriaId": "99D34145-C467-493B-8055-6CB58FE29C37"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:ep-16-xg:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AED6B48F-78E6-4BE2-A89C-36887E3CE63B"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:ep-s16:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C52B2CB9-844B-4720-BEC9-A73C9994C7AC"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:es-12f:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "35E11BF8-2295-4DC3-B463-DC305B2ED456"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:es-16-150w:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AD4B5024-6E26-4011-9392-26E304C0B00C"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:es-24-250w:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EBA2938D-8AF2-47D5-B881-AD27A999989D"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:es-24-500w:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2CDFD81A-C3D6-4B54-97C6-718FEB23C57C"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:es-24-lite:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0085DBEE-368A-400D-A2E7-AC090CCD6324"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:es-48-500w:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D7AC5ECE-A2E4-4AD8-B65D-4B5CFFF0A044"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:es-48-750w:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "287F2ABB-2855-4938-A5F3-857744ABC4E6"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:es-48-lite:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0C8A7623-0F2F-49F3-81F4-515E29A907EF"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:ui:es-8-150w:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CD0CDC1D-D5F7-437D-9544-95E8DBFBF1F7"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-9-1-v1-9-1/8a87dfc5-70f5-4055-8d67-570db1f5695c",
|
|
"source": "support@hackerone.com",
|
|
"tags": [
|
|
"Patch",
|
|
"Release Notes",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://community.ui.com/releases/Security-advisory-bulletin-014-014/1c32c056-2c64-4e60-ac23-ce7d8f387821",
|
|
"source": "support@hackerone.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.ui.com/download/edgemax",
|
|
"source": "support@hackerone.com",
|
|
"tags": [
|
|
"Product"
|
|
]
|
|
}
|
|
]
|
|
} |