Common Weakness Enumeration

CWE-288

Allowed

Authentication Bypass Using an Alternate Path or Channel

Abstraction: Base · Status: Incomplete

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

1072 vulnerabilities reference this CWE, most recent first.

CVE-2020-14485 (GCVE-0-2020-14485)

Vulnerability from cvelistv5 – Published: 2020-07-20 14:45 – Updated: 2024-08-04 12:46
VLAI
Summary
OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries.
Severity
No CVSS data available.
CWE
  • CWE-288 - AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288
Assigner
References
Impacted products
Vendor Product Version
n/a OpenClinic GA Affected: Versions 5.09.02 and 5.89.05b
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:34.594Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenClinic GA",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions 5.09.02 and 5.89.05b"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-20T14:45:10.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-14485",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenClinic GA",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions 5.09.02 and 5.89.05b"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-14485",
    "datePublished": "2020-07-20T14:45:10.000Z",
    "dateReserved": "2020-06-19T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:46:34.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-14477 (GCVE-0-2020-14477)

Vulnerability from cvelistv5 – Published: 2020-06-26 16:15 – Updated: 2025-06-04 21:56
VLAI
Title
Philips Ultrasound Systems Authentication Bypass Using an Alternate Path or Channel
Summary
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.
CWE
Assigner
References
Impacted products
Credits
Philips reported this vulnerability to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:34.685Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-177-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Ultrasound ClearVue",
          "vendor": "Philips",
          "versions": [
            {
              "lessThan": "versions 3.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Ultrasound CX",
          "vendor": "Philips",
          "versions": [
            {
              "lessThan": "versions 5.0.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Ultrasound EPIQ/Affiniti",
          "vendor": "Philips",
          "versions": [
            {
              "lessThan": "versions VM5.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Ultrasound Sparq",
          "vendor": "Philips",
          "versions": [
            {
              "lessThan": "version 3.0.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Ultrasound Xperius",
          "vendor": "Philips",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Philips reported this vulnerability to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.\u003c/p\u003e"
            }
          ],
          "value": "In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.6,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-04T21:56:59.294Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsma-20-177-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePhilips released Ultrasound EPIQ/Affiniti Version VM6.0 in April 2020\n and recommends users with the Ultrasound EPIQ/Affiniti systems to \ncontact their local Philips service support team, or regional service \nsupport for installation information.\u003c/p\u003e\n\u003cp\u003ePhilips is currently planning the following new releases:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUltrasound ClearVue Version 3.3 release in Q4 2020\u003c/li\u003e\n\u003cli\u003eUltrasound CX Version 5.0.3 release in Q4 2020\u003c/li\u003e\n\u003cli\u003eUltrasound Sparq Version 3.0.3 release in Q4 2020\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAs an interim mitigation to this vulnerability, Philips recommends \ncustomers ensure service providers can guarantee installed device \nintegrity during all service and repair operations.\u003c/p\u003e\n\u003cp\u003eUsers with questions regarding their specific Ultrasound installation\n should contact the Philips service support team or regional service \nsupport.\u003c/p\u003e\u003cp\u003eUsers can contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips customer service\u003c/a\u003e, and find more details in the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.philips.com/productsecurity\"\u003ePhilips advisory \u003c/a\u003e(external link). Please see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e for the latest security information for Philips products.\n\n\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Philips released Ultrasound EPIQ/Affiniti Version VM6.0 in April 2020\n and recommends users with the Ultrasound EPIQ/Affiniti systems to \ncontact their local Philips service support team, or regional service \nsupport for installation information.\n\n\nPhilips is currently planning the following new releases:\n\n\n\n  *  Ultrasound ClearVue Version 3.3 release in Q4 2020\n\n  *  Ultrasound CX Version 5.0.3 release in Q4 2020\n\n  *  Ultrasound Sparq Version 3.0.3 release in Q4 2020\n\n\n\n\nAs an interim mitigation to this vulnerability, Philips recommends \ncustomers ensure service providers can guarantee installed device \nintegrity during all service and repair operations.\n\n\nUsers with questions regarding their specific Ultrasound installation\n should contact the Philips service support team or regional service \nsupport.\n\nUsers can contact  Philips customer service https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , and find more details in the  Philips advisory  http://www.philips.com/productsecurity (external link). Please see the  Philips product security website http://www.philips.com/productsecurity  for the latest security information for Philips products."
        }
      ],
      "source": {
        "advisory": "ICSMA-20-177-01",
        "discovery": "INTERNAL"
      },
      "title": "Philips Ultrasound Systems Authentication Bypass Using an Alternate Path or Channel",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-14477",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Philips Ultrasound ClearVue",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "versions 3.2 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Ultrasound CX",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "versions 5.0.2 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Ultrasound EPIQ/Affiniti",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "versions VM5.0 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Ultrasound Sparq",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 3.0.2 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Ultrasound Xperius",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "all versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsma-20-177-01",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsma-20-177-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-14477",
    "datePublished": "2020-06-26T16:15:14.000Z",
    "dateReserved": "2020-06-19T00:00:00.000Z",
    "dateUpdated": "2025-06-04T21:56:59.294Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13185 (GCVE-0-2020-13185)

Vulnerability from cvelistv5 – Published: 2021-02-11 15:10 – Updated: 2024-08-04 12:11
VLAI
Summary
Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials.
Severity
No CVSS data available.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
n/a - Cloud Access Connector - Cloud Access Connector Legacy Affected: v18 and earlier
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:19.426Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://advisory.teradici.com/security-advisories/69/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "- Cloud Access Connector - Cloud Access Connector Legacy",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "v18 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-11T15:10:16.000Z",
        "orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
        "shortName": "Teradici"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://advisory.teradici.com/security-advisories/69/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@teradici.com",
          "ID": "CVE-2020-13185",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "- Cloud Access Connector - Cloud Access Connector Legacy",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v18 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://advisory.teradici.com/security-advisories/69/",
              "refsource": "MISC",
              "url": "https://advisory.teradici.com/security-advisories/69/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
    "assignerShortName": "Teradici",
    "cveId": "CVE-2020-13185",
    "datePublished": "2021-02-11T15:10:16.000Z",
    "dateReserved": "2020-05-19T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:11:19.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-11005 (GCVE-0-2020-11005)

Vulnerability from cvelistv5 – Published: 2020-04-14 22:30 – Updated: 2024-08-04 11:21
VLAI
Title
Internal NCryptDecrypt method could be used externally from WindowsHello library.
Summary
The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a txt file, another executable could be able to decrypt the text using the static method NCryptDecrypt from this same library without the need to use Windows Hello Authentication again. This has been patched in version 1.0.4.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
SeppPenner WindowsHello Affected: < 1.0.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:13.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/SeppPenner/WindowsHello/security/advisories/GHSA-wvpv-ffcv-r6cw"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/SeppPenner/WindowsHello/issues/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WindowsHello",
          "vendor": "SeppPenner",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a txt file, another executable could be able to decrypt the text using the static method NCryptDecrypt from this same library without the need to use Windows Hello Authentication again. This has been patched in version 1.0.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-14T22:30:14.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/SeppPenner/WindowsHello/security/advisories/GHSA-wvpv-ffcv-r6cw"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/SeppPenner/WindowsHello/issues/3"
        }
      ],
      "source": {
        "advisory": "GHSA-wvpv-ffcv-r6cw",
        "discovery": "UNKNOWN"
      },
      "title": "Internal NCryptDecrypt method could be used externally from WindowsHello library.",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-11005",
          "STATE": "PUBLIC",
          "TITLE": "Internal NCryptDecrypt method could be used externally from WindowsHello library."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WindowsHello",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SeppPenner"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a txt file, another executable could be able to decrypt the text using the static method NCryptDecrypt from this same library without the need to use Windows Hello Authentication again. This has been patched in version 1.0.4."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/SeppPenner/WindowsHello/security/advisories/GHSA-wvpv-ffcv-r6cw",
              "refsource": "CONFIRM",
              "url": "https://github.com/SeppPenner/WindowsHello/security/advisories/GHSA-wvpv-ffcv-r6cw"
            },
            {
              "name": "https://github.com/SeppPenner/WindowsHello/issues/3",
              "refsource": "MISC",
              "url": "https://github.com/SeppPenner/WindowsHello/issues/3"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-wvpv-ffcv-r6cw",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-11005",
    "datePublished": "2020-04-14T22:30:14.000Z",
    "dateReserved": "2020-03-30T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:21:13.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-10283 (GCVE-0-2020-10283)

Vulnerability from cvelistv5 – Published: 2020-08-20 08:15 – Updated: 2024-09-16 17:08
VLAI
Title
RVD#3317: MAVLink version handshaking allows for an attacker to bypass authentication
Summary
The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopilot negotiate the version via the AUTOPILOT_VERSION message. Since this negotiation depends on the answer, an attacker may craft packages in a way that hints the autopilot to adopt version 1.0 of MAVLink for the communication. Given the lack of authentication capabilities in such version of MAVLink (refer to CVE-2020-10282), attackers may use this method to bypass authentication capabilities and interact with the autopilot directly.
CWE
Assigner
References
Impacted products
Vendor Product Version
PX4 MAVLink Affected: 2.0
Create a notification for this product.
Date Public
2020-08-20 00:00
Credits
Victor Mayoral Vilches (Alias Robotics)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:58:40.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/aliasrobotics/RVD/issues/3316"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MAVLink",
          "vendor": "PX4",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Victor Mayoral Vilches (Alias Robotics)"
        }
      ],
      "datePublic": "2020-08-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopilot negotiate the version via the AUTOPILOT_VERSION message. Since this negotiation depends on the answer, an attacker may craft packages in a way that hints the autopilot to adopt version 1.0 of MAVLink for the communication. Given the lack of authentication capabilities in such version of MAVLink (refer to CVE-2020-10282), attackers may use this method to bypass authentication capabilities and interact with the autopilot directly."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-20T08:15:12.000Z",
        "orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
        "shortName": "Alias"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/aliasrobotics/RVD/issues/3316"
        }
      ],
      "source": {
        "defect": [
          "RVD#3317"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "RVD#3317: MAVLink version handshaking allows for an attacker to bypass authentication",
      "x_generator": {
        "engine": "Robot Vulnerability Database (RVD)"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@aliasrobotics.com",
          "DATE_PUBLIC": "2020-08-20T08:07:15 +00:00",
          "ID": "CVE-2020-10283",
          "STATE": "PUBLIC",
          "TITLE": "RVD#3317: MAVLink version handshaking allows for an attacker to bypass authentication"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MAVLink",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PX4"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Victor Mayoral Vilches (Alias Robotics)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopilot negotiate the version via the AUTOPILOT_VERSION message. Since this negotiation depends on the answer, an attacker may craft packages in a way that hints the autopilot to adopt version 1.0 of MAVLink for the communication. Given the lack of authentication capabilities in such version of MAVLink (refer to CVE-2020-10282), attackers may use this method to bypass authentication capabilities and interact with the autopilot directly."
            }
          ]
        },
        "generator": {
          "engine": "Robot Vulnerability Database (RVD)"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "high",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/aliasrobotics/RVD/issues/3316",
              "refsource": "CONFIRM",
              "url": "https://github.com/aliasrobotics/RVD/issues/3316"
            }
          ]
        },
        "source": {
          "defect": [
            "RVD#3317"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
    "assignerShortName": "Alias",
    "cveId": "CVE-2020-10283",
    "datePublished": "2020-08-20T08:15:13.054Z",
    "dateReserved": "2020-03-10T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:08:41.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-10148 (GCVE-0-2020-10148)

Vulnerability from cvelistv5 – Published: 2020-12-29 21:55 – Updated: 2025-10-21 23:35
VLAI
Title
SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands
Summary
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
SSVC
Exploitation: active Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
SolarWinds Orion Platform Affected: 2019.4 HF 5
Affected: 2020.2 without hotfix
Affected: 2020.2 HF 1
Create a notification for this product.
solarwinds orion_platform Affected: 2019.4
    cpe:2.3:a:solarwinds:orion_platform:2019.4:hotfix5:*:*:*:*:*:*
Create a notification for this product.
solarwinds orion_platform Affected: 2020.2.1
    cpe:2.3:a:solarwinds:orion_platform:2020.2.1:-:*:*:*:*:*:*
Create a notification for this product.
solarwinds orion_platform Affected: 2020.2
    cpe:2.3:a:solarwinds:orion_platform:2020.2:hotfix1:*:*:*:*:*:*
Create a notification for this product.
Date Public
2020-12-13 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:50:57.882Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.kb.cert.org/vuls/id/843464"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.solarwinds.com/securityadvisory"
          },
          {
            "name": "VU#843464",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://kb.cert.org/vuls/id/843464"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:solarwinds:orion_platform:2019.4:hotfix5:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "orion_platform",
            "vendor": "solarwinds",
            "versions": [
              {
                "status": "affected",
                "version": "2019.4"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:solarwinds:orion_platform:2020.2.1:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "orion_platform",
            "vendor": "solarwinds",
            "versions": [
              {
                "status": "affected",
                "version": "2020.2.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:solarwinds:orion_platform:2020.2:hotfix1:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "orion_platform",
            "vendor": "solarwinds",
            "versions": [
              {
                "status": "affected",
                "version": "2020.2"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-10148",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T19:31:04.550116Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-10148"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:35:30.955Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-10148"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00.000Z",
            "value": "CVE-2020-10148 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Orion Platform",
          "vendor": "SolarWinds",
          "versions": [
            {
              "status": "affected",
              "version": "2019.4 HF 5"
            },
            {
              "status": "affected",
              "version": "2020.2 without hotfix"
            },
            {
              "status": "affected",
              "version": "2020.2 HF 1"
            }
          ]
        }
      ],
      "datePublic": "2020-12-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-29T21:55:16.000Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.solarwinds.com/securityadvisory"
        },
        {
          "name": "VU#843464",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://kb.cert.org/vuls/id/843464"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Users should update to the relevant versions of the SolarWinds Orion Platform:\n\n2019.4 HF 6 (released December 14, 2020)\n2020.2.1 HF 2 (released December 15, 2020)\n2019.2 SUPERNOVA Patch (released December 23, 2020)\n2018.4 SUPERNOVA Patch (released December 23, 2020)\n2018.2 SUPERNOVA Patch (released December 23, 2020)"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "SUNBURST",
          "ASSIGNER": "cert@cert.org",
          "DATE_PUBLIC": "2020-12-13T00:00:00.000Z",
          "ID": "CVE-2020-10148",
          "STATE": "PUBLIC",
          "TITLE": "SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Orion Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "2019.4 HF 5",
                            "version_value": "2019.4 HF 5"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2020.2 without hotfix",
                            "version_value": "2020.2 without hotfix"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2020.2 HF 1",
                            "version_value": "2020.2 HF 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SolarWinds"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.solarwinds.com/securityadvisory",
              "refsource": "CONFIRM",
              "url": "https://www.solarwinds.com/securityadvisory"
            },
            {
              "name": "VU#843464",
              "refsource": "CERT-VN",
              "url": "https://kb.cert.org/vuls/id/843464"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Users should update to the relevant versions of the SolarWinds Orion Platform:\n\n2019.4 HF 6 (released December 14, 2020)\n2020.2.1 HF 2 (released December 15, 2020)\n2019.2 SUPERNOVA Patch (released December 23, 2020)\n2018.4 SUPERNOVA Patch (released December 23, 2020)\n2018.2 SUPERNOVA Patch (released December 23, 2020)"
          }
        ],
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2020-10148",
    "datePublished": "2020-12-29T21:55:16.195Z",
    "dateReserved": "2020-03-05T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:35:30.955Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-10048 (GCVE-0-2020-10048)

Vulnerability from cvelistv5 – Published: 2021-02-09 15:38 – Updated: 2024-08-04 10:50
VLAI
Summary
A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing authentication.
Severity
No CVSS data available.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
Siemens SIMATIC PCS 7 Affected: All versions
Create a notification for this product.
Siemens SIMATIC WinCC Affected: All versions < V7.5 SP2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:50:57.903Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944678.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SIMATIC PCS 7",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC WinCC",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.5 SP2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions \u003c V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing authentication."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-09T15:38:17.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944678.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2020-10048",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC PCS 7",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC WinCC",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V7.5 SP2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions \u003c V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing authentication."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-944678.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944678.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2020-10048",
    "datePublished": "2021-02-09T15:38:17.000Z",
    "dateReserved": "2020-03-04T00:00:00.000Z",
    "dateUpdated": "2024-08-04T10:50:57.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-6091 (GCVE-0-2020-6091)

Vulnerability from cvelistv5 – Published: 2020-05-22 13:53 – Updated: 2024-08-04 08:47
VLAI
Summary
An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
n/a Epson Affected: Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:47:41.029Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1011"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://epson.com/support/wa00907"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Epson",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T15:15:51.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1011"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://epson.com/support/wa00907"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2020-6091",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Epson",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1011",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1011"
            },
            {
              "name": "https://epson.com/support/wa00907",
              "refsource": "CONFIRM",
              "url": "https://epson.com/support/wa00907"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2020-6091",
    "datePublished": "2020-05-22T13:53:08.000Z",
    "dateReserved": "2020-01-07T00:00:00.000Z",
    "dateUpdated": "2024-08-04T08:47:41.029Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-5384 (GCVE-0-2020-5384)

Vulnerability from cvelistv5 – Published: 2020-07-31 17:45 – Updated: 2024-09-16 23:30
VLAI
Summary
Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
URL Tags
https://community.rsa.com/docs/DOC-113541 x_refsource_MISC
Impacted products
Vendor Product Version
Dell RSA Authentication Agent for Microsoft Windows Affected: unspecified , < 2.0.1 (custom)
Create a notification for this product.
Date Public
2020-07-31 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:30:24.008Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.rsa.com/docs/DOC-113541"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RSA Authentication Agent for Microsoft Windows",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.0.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-07-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-31T17:45:14.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.rsa.com/docs/DOC-113541"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2020-07-31",
          "ID": "CVE-2020-5384",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RSA Authentication Agent for Microsoft Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "2.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 8.4,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.rsa.com/docs/DOC-113541",
              "refsource": "MISC",
              "url": "https://community.rsa.com/docs/DOC-113541"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2020-5384",
    "datePublished": "2020-07-31T17:45:14.625Z",
    "dateReserved": "2020-01-03T00:00:00.000Z",
    "dateUpdated": "2024-09-16T23:30:37.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4050 (GCVE-0-2020-4050)

Vulnerability from cvelistv5 – Published: 2020-06-12 16:00 – Updated: 2024-08-04 07:52
VLAI
Title
set-screen-option filter misuse by plugins leading to privilege escalation in WordPress
Summary
In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
WordPress wordpress-develop Affected: >= 5.4.0, < 5.4.2
Affected: >= 5.3.0, < 5.3.4
Affected: >= 5.2.0, < 5.2.7
Affected: >= 5.1.0, < 5.1.6
Affected: >= 5.0.0, < 5.0.10
Affected: >= 4.9.0, < 4.9.15
Affected: >= 4.8.0, < 4.8.14
Affected: >= 4.7.0, < 4.7.18
Affected: >= 4.6.0, < 4.6.19
Affected: >= 4.5.0, < 4.5.22
Affected: >= 4.4.0, < 4.4.23
Affected: >= 4.3.0, < 4.3.24
Affected: >= 4.2.0, < 4.2.28
Affected: >= 4.1.0, < 4.1.31
Affected: >= 4.0.0, < 4.0.31
Affected: >= 3.9.0, < 3.9.32
Affected: >= 3.8.0, < 3.8.34
Affected: >= 3.7.0, < 3.7.34
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:52:20.829Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920"
          },
          {
            "name": "FEDORA-2020-8447a3e195",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODNHXVJS25YVWYQHOCICXTLIN5UYJFDN/"
          },
          {
            "name": "FEDORA-2020-bbedd29391",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/773N2ZV7QEMBGKH6FBKI6Q5S3YJMW357/"
          },
          {
            "name": "DSA-4709",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4709"
          },
          {
            "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2269-1] wordpress security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html"
          },
          {
            "name": "[debian-lts-announce] 20200911 [SECURITY] [DLA 2371-1] wordpress security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00011.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wordpress-develop",
          "vendor": "WordPress",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 5.4.0, \u003c 5.4.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.3.0, \u003c 5.3.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.2.0, \u003c 5.2.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.1.0, \u003c 5.1.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.0.10"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.9.0, \u003c 4.9.15"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.8.0, \u003c 4.8.14"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.7.0, \u003c 4.7.18"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.6.0, \u003c 4.6.19"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.5.0, \u003c 4.5.22"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.4.0, \u003c 4.4.23"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.3.0, \u003c 4.3.24"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.2.0, \u003c 4.2.28"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.1.0, \u003c 4.1.31"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.0.31"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.9.0, \u003c 3.9.32"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.8.0, \u003c 3.8.34"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.7.0, \u003c 3.7.34"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In affected versions of WordPress, misuse of the `set-screen-option` filter\u0027s return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-11T16:06:34.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920"
        },
        {
          "name": "FEDORA-2020-8447a3e195",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODNHXVJS25YVWYQHOCICXTLIN5UYJFDN/"
        },
        {
          "name": "FEDORA-2020-bbedd29391",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/773N2ZV7QEMBGKH6FBKI6Q5S3YJMW357/"
        },
        {
          "name": "DSA-4709",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4709"
        },
        {
          "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2269-1] wordpress security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html"
        },
        {
          "name": "[debian-lts-announce] 20200911 [SECURITY] [DLA 2371-1] wordpress security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00011.html"
        }
      ],
      "source": {
        "advisory": "GHSA-4vpv-fgg2-gcqc",
        "discovery": "UNKNOWN"
      },
      "title": "set-screen-option filter misuse by plugins leading to privilege escalation in WordPress",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-4050",
          "STATE": "PUBLIC",
          "TITLE": "set-screen-option filter misuse by plugins leading to privilege escalation in WordPress"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "wordpress-develop",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 5.4.0, \u003c 5.4.2"
                          },
                          {
                            "version_value": "\u003e= 5.3.0, \u003c 5.3.4"
                          },
                          {
                            "version_value": "\u003e= 5.2.0, \u003c 5.2.7"
                          },
                          {
                            "version_value": "\u003e= 5.1.0, \u003c 5.1.6"
                          },
                          {
                            "version_value": "\u003e= 5.0.0, \u003c 5.0.10"
                          },
                          {
                            "version_value": "\u003e= 4.9.0, \u003c 4.9.15"
                          },
                          {
                            "version_value": "\u003e= 4.8.0, \u003c 4.8.14"
                          },
                          {
                            "version_value": "\u003e= 4.7.0, \u003c 4.7.18"
                          },
                          {
                            "version_value": "\u003e= 4.6.0, \u003c 4.6.19"
                          },
                          {
                            "version_value": "\u003e= 4.5.0, \u003c 4.5.22"
                          },
                          {
                            "version_value": "\u003e= 4.4.0, \u003c 4.4.23"
                          },
                          {
                            "version_value": "\u003e= 4.3.0, \u003c 4.3.24"
                          },
                          {
                            "version_value": "\u003e= 4.2.0, \u003c 4.2.28"
                          },
                          {
                            "version_value": "\u003e= 4.1.0, \u003c 4.1.31"
                          },
                          {
                            "version_value": "\u003e= 4.0.0, \u003c 4.0.31"
                          },
                          {
                            "version_value": "\u003e= 3.9.0, \u003c 3.9.32"
                          },
                          {
                            "version_value": "\u003e= 3.8.0, \u003c 3.8.34"
                          },
                          {
                            "version_value": "\u003e= 3.7.0, \u003c 3.7.34"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "WordPress"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In affected versions of WordPress, misuse of the `set-screen-option` filter\u0027s return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/",
              "refsource": "MISC",
              "url": "https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/"
            },
            {
              "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc",
              "refsource": "CONFIRM",
              "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc"
            },
            {
              "name": "https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920",
              "refsource": "MISC",
              "url": "https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920"
            },
            {
              "name": "FEDORA-2020-8447a3e195",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODNHXVJS25YVWYQHOCICXTLIN5UYJFDN/"
            },
            {
              "name": "FEDORA-2020-bbedd29391",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/773N2ZV7QEMBGKH6FBKI6Q5S3YJMW357/"
            },
            {
              "name": "DSA-4709",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4709"
            },
            {
              "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2269-1] wordpress security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html"
            },
            {
              "name": "[debian-lts-announce] 20200911 [SECURITY] [DLA 2371-1] wordpress security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00011.html"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-4vpv-fgg2-gcqc",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-4050",
    "datePublished": "2020-06-12T16:00:17.000Z",
    "dateReserved": "2019-12-30T00:00:00.000Z",
    "dateUpdated": "2024-08-04T07:52:20.829Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.