Details of VAR-202103-0241

ID

VAR-202103-0241

CVE

CVE-2020-29020

TITLE

Secomea SiteManager Authentication Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2020-016355

DESCRIPTION

Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware. Secomea SiteManager Contains an improper authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-29020 // JVNDB: JVNDB-2020-016355

AFFECTED PRODUCTS

vendor:	secomea	model:	sitemanager	scope:	lt	version:	9.4.620527004	Trust: 1.0
vendor:	secomea	model:	sitemanager	scope:	eq	version:	-	Trust: 0.8
vendor:	secomea	model:	sitemanager	scope:	eq	version:	sitemanager firmware 9.4.620527004	Trust: 0.8

sources: NVD: CVE-2020-29020 // JVNDB: JVNDB-2020-016355

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2020-29020
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-202103-531
value:	HIGH
Trust: 0.6

NVD:	CVE-2020-29020
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.8

NVD:	CVE-2020-29020
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-29020
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: NVD: CVE-2020-29020 // CNNVD: CNNVD-202103-531 // JVNDB: JVNDB-2020-016355

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.0
problemtype:	Bad authentication (CWE-863) [NVD Evaluation ]	Trust: 0.8

sources: NVD: CVE-2020-29020 // JVNDB: JVNDB-2020-016355

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-531

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202103-531

CONFIGURATIONS

sources: NVD: CVE-2020-29020

PATCH

title:

CYBERSECURITY ADVISORY

url:

https://www.secomea.com/support/cybersecurity-advisory/#3217

Trust: 0.8

sources: JVNDB: JVNDB-2020-016355

EXTERNAL IDS

db:	NVD	id:	CVE-2020-29020	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-016355	Trust: 0.8
db:	CNNVD	id:	CNNVD-202103-531	Trust: 0.6

sources: NVD: CVE-2020-29020 // CNNVD: CNNVD-202103-531 // JVNDB: JVNDB-2020-016355

REFERENCES

url:	https://www.secomea.com/support/cybersecurity-advisory/#3217	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29020	Trust: 1.4

sources: NVD: CVE-2020-29020 // CNNVD: CNNVD-202103-531 // JVNDB: JVNDB-2020-016355

SOURCES

db:	NVD	id:	CVE-2020-29020
db:	CNNVD	id:	CNNVD-202103-531
db:	JVNDB	id:	JVNDB-2020-016355

LAST UPDATE DATE

2021-12-17T06:53:48.780000+00:00

SOURCES UPDATE DATE

db:	NVD	id:	CVE-2020-29020	date:	2021-03-12T15:22:00
db:	CNNVD	id:	CNNVD-202103-531	date:	2021-03-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-016355	date:	2021-11-25T07:08:00

SOURCES RELEASE DATE

db:	NVD	id:	CVE-2020-29020	date:	2021-03-05T21:15:00
db:	CNNVD	id:	CNNVD-202103-531	date:	2021-03-05T00:00:00
db:	JVNDB	id:	JVNDB-2020-016355	date:	2021-11-25T00:00:00