Sign-up

ID

VAR-202407-2661


CVE

CVE-2020-11916


TITLE

Siime Eye 14.1.00000001.3.330.0.0.3.14 Weak Hashing

Trust: 0.1

sources: PACKETSTORM: 179795

DESCRIPTION

An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking attack is greatly increased. ------------------------------------------ [Vulnerability Type] Incorrect Access Control ------------------------------------------ [Vendor of Product] Svakom ------------------------------------------ [Affected Product Code Base] Siime Eye - 14.1.00000001.3.330.0.0.3.14 ------------------------------------------ [Affected Component] Siime Eye linux password hashes ------------------------------------------ [Attack Type] Context-dependent ------------------------------------------ [Impact Information Disclosure] true ------------------------------------------ [Attack Vectors] The hash can be obtained using various techniques (e.g.) through command injection. ------------------------------------------ [Reference] N/A ------------------------------------------ [Discoverer] Willem Westerhof, Jasper Nota, Edwin Gozeling from Qbit in assignment of the Consumentenbond. Use CVE-2020-11916

Trust: 0.99

sources: NVD: CVE-2020-11916 // PACKETSTORM: 179795

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2020-11916
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2020-11916
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

sources: NVD: CVE-2020-11916

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.0

sources: NVD: CVE-2020-11916

TYPE

root

Trust: 0.1

sources: PACKETSTORM: 179795

EXTERNAL IDS

db:NVDid:CVE-2020-11916

Trust: 1.2

db:OTHERid:NONE

Trust: 0.1

db:PACKETSTORMid:179795

Trust: 0.1

sources: OTHER: None // PACKETSTORM: 179795 // NVD: CVE-2020-11916

REFERENCES

url:https://seclists.org/fulldisclosure/2024/jul/14

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2020-11916

Trust: 0.1

sources: PACKETSTORM: 179795 // NVD: CVE-2020-11916

CREDITS

Willem Westerhof | Secura

Trust: 0.1

sources: OTHER: None

SOURCES

db:OTHERid: -
db:PACKETSTORMid:179795
db:NVDid:CVE-2020-11916

LAST UPDATE DATE

2025-01-30T21:46:10.409000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2020-11916date:2024-11-08T19:01:03.880

SOURCES RELEASE DATE

db:OTHERid: - date:2024-07-26T13:11:06
db:PACKETSTORMid:179795date:2024-07-30T12:35:43
db:NVDid:CVE-2020-11916date:2024-11-07T18:15:15.310