CWE-288
AllowedAuthentication Bypass Using an Alternate Path or Channel
Abstraction: Base · Status: Incomplete
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
1072 vulnerabilities reference this CWE, most recent first.
CVE-2020-1637 (GCVE-0-2020-1637)
Vulnerability from cvelistv5 – Published: 2020-04-08 19:26 – Updated: 2024-09-16 23:41- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11018 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
12.3X48 , < 12.3X48-D100
(custom)
Affected: 15.1X49 , < 15.1X49-D210 (custom) Affected: 17.3 , < 17.3R2-S5, 17.3R3-S8 (custom) Affected: 17.4 , < 17.4R2-S9, 17.4R3-S1 (custom) Affected: 18.1 , < 18.1R3-S10 (custom) Affected: 18.2 , < 18.2R2-S7, 18.2R3-S3 (custom) Affected: 18.3 , < 18.3R1-S7, 18.3R3-S2 (custom) Affected: 18.4 , < 18.4R1-S6, 18.4R2-S4, 18.4R3-S1 (custom) Affected: 19.1 , < 19.1R1-S4, 19.1R2-S1, 19.1R3 (custom) Affected: 19.2 , < 19.2R1-S3, 19.2R2 (custom) Affected: 19.3 , < 19.3R2-S1, 19.3R3 (custom) Affected: 19.4 , < 19.4R1-S1, 19.4R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3X48-D100",
"status": "affected",
"version": "12.3X48",
"versionType": "custom"
},
{
"lessThan": "15.1X49-D210",
"status": "affected",
"version": "15.1X49",
"versionType": "custom"
},
{
"lessThan": "17.3R2-S5, 17.3R3-S8",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S9, 17.4R3-S1",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S10",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2-S7, 18.2R3-S3",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R1-S7, 18.3R3-S2",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S6, 18.4R2-S4, 18.4R3-S1",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S4, 19.1R2-S1, 19.1R3",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S3, 19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S1, 19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S1, 19.4R2",
"status": "affected",
"version": "19.4",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. This issue might occur when the IP address range configured in the Infranet Controller (IC) is configured as an IP address range instead of an IP address/netmask. See the Workaround section for more detail. The Junos OS Enforcer CLI settings are disabled by default. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D100; 15.1X49 versions prior to 15.1X49-D210; 17.3 versions prior to 17.3R2-S5, 17.3R3-S8; 17.4 versions prior to 17.4R2-S9, 17.4R3-S1; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2-S1, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-08T19:26:01.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11018"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 12.3X48-D100, 15.1X49-D210, 16.1R7-S7, 17.3R2-S5, 17.3R3-S8, 17.4R2-S9, 17.4R3-S1, 18.1R3-S10, 18.2R3-S3, 18.3R1-S7, 18.3R3-S2, 18.4R1-S6, 18.4R2-S4, 18.4R3-S1, 19.1R1-S4, 19.1R2-S1, 19.1R3, 19.2R1-S3, 19.2R2, 19.3R2-S1, 19.3R3, 19.4R1-S1, 19.4R2, 20.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11018",
"defect": [
"1475435"
],
"discovery": "USER"
},
"title": "Junos OS: SRX Series: Unified Access Control (UAC) bypass vulnerability",
"workarounds": [
{
"lang": "en",
"value": "To avoid this issue, the IP address configuration in the IC Server should be configured as IP address/netmask, rather than an IP address range. \n\nFor example: configure 10.0.0.0/25 instead of 10.0.0.1-127."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T07:00:00.000Z",
"ID": "CVE-2020-1637",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX Series: Unified Access Control (UAC) bypass vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "12.3X48",
"version_value": "12.3X48-D100"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "15.1X49",
"version_value": "15.1X49-D210"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R2-S5, 17.3R3-S8"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S9, 17.4R3-S1"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S10"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2-S7, 18.2R3-S3"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R1-S7, 18.3R3-S2"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S6, 18.4R2-S4, 18.4R3-S1"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R1-S4, 19.1R2-S1, 19.1R3"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S3, 19.2R2"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S1, 19.3R3"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S1, 19.4R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. This issue might occur when the IP address range configured in the Infranet Controller (IC) is configured as an IP address range instead of an IP address/netmask. See the Workaround section for more detail. The Junos OS Enforcer CLI settings are disabled by default. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D100; 15.1X49 versions prior to 15.1X49-D210; 17.3 versions prior to 17.3R2-S5, 17.3R3-S8; 17.4 versions prior to 17.4R2-S9, 17.4R3-S1; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2-S1, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11018",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11018"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 12.3X48-D100, 15.1X49-D210, 16.1R7-S7, 17.3R2-S5, 17.3R3-S8, 17.4R2-S9, 17.4R3-S1, 18.1R3-S10, 18.2R3-S3, 18.3R1-S7, 18.3R3-S2, 18.4R1-S6, 18.4R2-S4, 18.4R3-S1, 19.1R1-S4, 19.1R2-S1, 19.1R3, 19.2R1-S3, 19.2R2, 19.3R2-S1, 19.3R3, 19.4R1-S1, 19.4R2, 20.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11018",
"defect": [
"1475435"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "To avoid this issue, the IP address configuration in the IC Server should be configured as IP address/netmask, rather than an IP address range. \n\nFor example: configure 10.0.0.0/25 instead of 10.0.0.1-127."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1637",
"datePublished": "2020-04-08T19:26:01.189Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:41:43.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1618 (GCVE-0-2020-1618)
Vulnerability from cvelistv5 – Published: 2020-04-08 19:25 – Updated: 2024-09-17 01:56- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11001 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Unaffected:
12.3
Affected: 14.1X53 , < 14.1X53-D53 (custom) Affected: 15.1 , < 15.1R7-S4 (custom) Affected: 15.1X53 , < 15.1X53-D593 (custom) Affected: 16.1 , < 16.1R7-S4 (custom) Affected: 17.1 , < 17.1R2-S11, 17.1R3-S1 (custom) Affected: 17.2 , < 17.2R3-S3 (custom) Affected: 17.3 , < 17.3R2-S5, 17.3R3-S6 (custom) Affected: 17.4 , < 17.4R2-S9, 17.4R3 (custom) Affected: 18.1 , < 18.1R3-S8 (custom) Affected: 18.2 , < 18.2R2 (custom) Affected: 18.3 , < 18.3R1-S7, 18.3R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"EX and QFX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"status": "unaffected",
"version": "12.3"
},
{
"lessThan": "14.1X53-D53",
"status": "affected",
"version": "14.1X53",
"versionType": "custom"
},
{
"lessThan": "15.1R7-S4",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "15.1X53-D593",
"status": "affected",
"version": "15.1X53",
"versionType": "custom"
},
{
"lessThan": "16.1R7-S4",
"status": "affected",
"version": "16.1",
"versionType": "custom"
},
{
"lessThan": "17.1R2-S11, 17.1R3-S1",
"status": "affected",
"version": "17.1",
"versionType": "custom"
},
{
"lessThan": "17.2R3-S3",
"status": "affected",
"version": "17.2",
"versionType": "custom"
},
{
"lessThan": "17.3R2-S5, 17.3R3-S6",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S9, 17.4R3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S8",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R1-S7, 18.3R2",
"status": "affected",
"version": "18.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: \u2022 At the first reboot after performing device factory reset using the command \u201crequest system zeroize\u201d; or \u2022 A temporary moment during the first reboot after the software upgrade when the device configured in Virtual Chassis mode. This issue affects Juniper Networks Junos OS on EX and QFX Series: 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S4; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S4; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2; 18.3 versions prior to 18.3R1-S7, 18.3R2. This issue does not affect Juniper Networks Junos OS 12.3."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-08T19:25:54.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11001"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 14.1X53-D53, 15.1X53-D593, 15.1R7-S4, 16.1R7-S4, 17.1R2-S11, 17.1R3-S1, 17.2R3-S3, 17.3R2-S5, 17.3R3-S6, 17.4R2-S9, 17.4R3, 18.1R3-S8, 18.2R2, 18.3R1-S7, 18.3R2, 18.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11001",
"defect": [
"1378429",
"1368940"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: EX and QFX Series: Console port authentication bypass vulnerability",
"workarounds": [
{
"lang": "en",
"value": "Limit physical access to the console port only to trusted administrators."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1618",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX and QFX Series: Console port authentication bypass vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "14.1X53",
"version_value": "14.1X53-D53"
},
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1R7-S4"
},
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "15.1X53",
"version_value": "15.1X53-D593"
},
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "16.1",
"version_value": "16.1R7-S4"
},
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "17.1",
"version_value": "17.1R2-S11, 17.1R3-S1"
},
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "17.2",
"version_value": "17.2R3-S3"
},
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R2-S5, 17.3R3-S6"
},
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S9, 17.4R3"
},
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S8"
},
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2"
},
{
"platform": "EX and QFX Series",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R1-S7, 18.3R2"
},
{
"platform": "EX and QFX Series",
"version_affected": "!",
"version_value": "12.3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: \u2022 At the first reboot after performing device factory reset using the command \u201crequest system zeroize\u201d; or \u2022 A temporary moment during the first reboot after the software upgrade when the device configured in Virtual Chassis mode. This issue affects Juniper Networks Junos OS on EX and QFX Series: 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S4; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S4; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2; 18.3 versions prior to 18.3R1-S7, 18.3R2. This issue does not affect Juniper Networks Junos OS 12.3."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11001",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11001"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 14.1X53-D53, 15.1X53-D593, 15.1R7-S4, 16.1R7-S4, 17.1R2-S11, 17.1R3-S1, 17.2R3-S3, 17.3R2-S5, 17.3R3-S6, 17.4R2-S9, 17.4R3, 18.1R3-S8, 18.2R2, 18.3R1-S7, 18.3R2, 18.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11001",
"defect": [
"1378429",
"1368940"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Limit physical access to the console port only to trusted administrators."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1618",
"datePublished": "2020-04-08T19:25:54.845Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:56:26.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-25763 (GCVE-0-2019-25763)
Vulnerability from cvelistv5 – Published: 2026-06-20 13:36 – Updated: 2026-07-15 01:24- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/47832 | exploit |
| https://www.ultimatebeaver.com/ | product |
| https://www.vulncheck.com/advisories/wordpress-ul… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Ultimatebeaver | Ultimate Addons for Beaver Builder |
Affected:
0 , ≤ 1.2.4.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25763",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T13:43:53.244163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T13:44:19.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultimate Addons for Beaver Builder",
"vendor": "Ultimatebeaver",
"versions": [
{
"lessThanOrEqual": "1.2.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:brainstormforce:ultimate_addons_for_beaver_builder:*:*:*:*:pro:wordpress:*:*",
"versionEndIncluding": "1.2.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2019-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form functionality. Attackers can submit a POST request to the admin-ajax.php endpoint with the uabb-lf-google-submit action, a valid administrator email address, and a valid nonce to obtain session cookies and authenticate as that user."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:24:17.362Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-47832",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/47832"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.ultimatebeaver.com/"
},
{
"name": "VulnCheck Advisory: WordPress Ultimate Addons for Beaver Builder 1.2.4.1 Authentication Bypass",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/wordpress-ultimate-addons-for-beaver-builder-authentication-bypass"
}
],
"title": "WordPress Ultimate Addons for Beaver Builder 1.2.4.1 Authentication Bypass",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25763",
"datePublished": "2026-06-20T13:36:32.595Z",
"dateReserved": "2026-06-20T13:30:11.594Z",
"dateUpdated": "2026-07-15T01:24:17.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-18250 (GCVE-0-2019-18250)
Vulnerability from cvelistv5 – Published: 2019-11-25 23:13 – Updated: 2024-08-05 01:47- CWE-288 - AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-318-05 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ABB Power Generation Information Manager (PGIM) and Plant Connect All Versions |
Affected:
ABB Power Generation Information Manager (PGIM) and Plant Connect All Versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:14.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-318-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ABB Power Generation Information Manager (PGIM) and Plant Connect All Versions",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ABB Power Generation Information Manager (PGIM) and Plant Connect All Versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-25T23:13:29.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-318-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-18250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ABB Power Generation Information Manager (PGIM) and Plant Connect All Versions",
"version": {
"version_data": [
{
"version_value": "ABB Power Generation Information Manager (PGIM) and Plant Connect All Versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-318-05",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-318-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-18250",
"datePublished": "2019-11-25T23:13:29.000Z",
"dateReserved": "2019-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:47:14.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13526 (GCVE-0-2019-13526)
Vulnerability from cvelistv5 – Published: 2019-08-29 22:48 – Updated: 2024-08-04 23:57- CWE-288 - AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-239-02 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Datalogic AV7000 Linear barcode scanner |
Affected:
all versions prior to 4.6.0.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-239-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Datalogic AV7000 Linear barcode scanner",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all versions prior to 4.6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T22:48:17.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-239-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-13526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Datalogic AV7000 Linear barcode scanner",
"version": {
"version_data": [
{
"version_value": "all versions prior to 4.6.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-239-02",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-239-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-13526",
"datePublished": "2019-08-29T22:48:17.000Z",
"dateReserved": "2019-07-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:57:39.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9510 (GCVE-0-2019-9510)
Vulnerability from cvelistv5 – Published: 2020-01-15 17:05 – Updated: 2024-09-17 04:00| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/576688/ | third-party-advisoryx_refsource_CERT-VN |
| https://docs.microsoft.com/en-us/previous-version… | x_refsource_MISC |
| https://docs.microsoft.com/en-us/openspecs/window… | x_refsource_MISC |
| https://social.technet.microsoft.com/Forums/windo… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 or newer system using RDP |
Affected:
1803 , < 10 *
(custom)
|
|
| Microsoft | Windows Server |
Affected:
2019 , < 2019*
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#576688",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/576688/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713%28v=ws.11%29"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e729948a-3f4e-4568-9aef-d355e30b5389"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://social.technet.microsoft.com/Forums/windowsserver/en-US/1fd171de-a1b5-4721-86bf-082e4a375049/rds-2019-but-probably-other-versions-as-well-locked-rdp-session-logs-in-after-session-reconnect"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Windows 10 or newer system using RDP",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10 *",
"status": "affected",
"version": "1803",
"versionType": "custom"
}
]
},
{
"product": "Windows Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019*",
"status": "affected",
"version": "2019",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Joe Tammariello of the SEI for reporting this vulnerability."
}
],
"datePublic": "2019-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T17:05:27.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#576688",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/576688/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713%28v=ws.11%29"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e729948a-3f4e-4568-9aef-d355e30b5389"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://social.technet.microsoft.com/Forums/windowsserver/en-US/1fd171de-a1b5-4721-86bf-082e4a375049/rds-2019-but-probably-other-versions-as-well-locked-rdp-session-logs-in-after-session-reconnect"
}
],
"source": {
"advisory": "VU#576688",
"discovery": "UNKNOWN"
},
"title": "Microsoft Windows RDP can bypass the Windows lock screen",
"workarounds": [
{
"lang": "en",
"value": "Disable RDP automatic reconnection on RDP servers. Disconnect RDP sessions instead of locking them."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2019-06-04T00:00:00.000Z",
"ID": "CVE-2019-9510",
"STATE": "PUBLIC",
"TITLE": "Microsoft Windows RDP can bypass the Windows lock screen"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 10 or newer system using RDP",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "10",
"version_value": "1803"
}
]
}
},
{
"product_name": "Windows Server",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "2019",
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Joe Tammariello of the SEI for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#576688",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/576688/"
},
{
"name": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713(v=ws.11)",
"refsource": "MISC",
"url": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713(v=ws.11)"
},
{
"name": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e729948a-3f4e-4568-9aef-d355e30b5389",
"refsource": "MISC",
"url": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e729948a-3f4e-4568-9aef-d355e30b5389"
},
{
"name": "https://social.technet.microsoft.com/Forums/windowsserver/en-US/1fd171de-a1b5-4721-86bf-082e4a375049/rds-2019-but-probably-other-versions-as-well-locked-rdp-session-logs-in-after-session-reconnect",
"refsource": "MISC",
"url": "https://social.technet.microsoft.com/Forums/windowsserver/en-US/1fd171de-a1b5-4721-86bf-082e4a375049/rds-2019-but-probably-other-versions-as-well-locked-rdp-session-logs-in-after-session-reconnect"
}
]
},
"source": {
"advisory": "VU#576688",
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Disable RDP automatic reconnection on RDP servers. Disconnect RDP sessions instead of locking them."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9510",
"datePublished": "2020-01-15T17:05:27.546Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:00:12.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6551 (GCVE-0-2019-6551)
Vulnerability from cvelistv5 – Published: 2019-02-28 21:00 – Updated: 2024-09-16 19:40- CWE-288 - AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/107031 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-19-045-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| ICS-CERT | Pangea Communications Internet FAX ATA |
Affected:
All Versions 3.1.8 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:22.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107031",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-045-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pangea Communications Internet FAX ATA",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "All Versions 3.1.8 and prior"
}
]
}
],
"datePublic": "2019-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass user authentication using a specially crafted URL to cause the device to reboot, which may be used to cause a continual denial-of-service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-01T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "107031",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-045-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-02-14T00:00:00",
"ID": "CVE-2019-6551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pangea Communications Internet FAX ATA",
"version": {
"version_data": [
{
"version_value": "All Versions 3.1.8 and prior"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass user authentication using a specially crafted URL to cause the device to reboot, which may be used to cause a continual denial-of-service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107031"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-045-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-045-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-6551",
"datePublished": "2019-02-28T21:00:00.000Z",
"dateReserved": "2019-01-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:40:09.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5486 (GCVE-0-2019-5486)
Vulnerability from cvelistv5 – Published: 2019-12-18 20:58 – Updated: 2024-08-04 19:54- CWE-288 - Authentication Bypass Using an Alternate Path or Channel (CWE-288)
| URL | Tags |
|---|---|
| https://hackerone.com/reports/617896 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | GitLab CE/EE |
Affected:
12.3.2, 12.2.6, and 12.1.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/617896"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitLab CE/EE",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.3.2, 12.2.6, and 12.1.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A authentication bypass vulnerability exists in GitLab CE/EE \u003cv12.3.2, \u003cv12.2.6, and \u003cv12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "Authentication Bypass Using an Alternate Path or Channel (CWE-288)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T20:58:42.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/617896"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-5486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab CE/EE",
"version": {
"version_data": [
{
"version_value": "12.3.2, 12.2.6, and 12.1.10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A authentication bypass vulnerability exists in GitLab CE/EE \u003cv12.3.2, \u003cv12.2.6, and \u003cv12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass Using an Alternate Path or Channel (CWE-288)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/617896",
"refsource": "MISC",
"url": "https://hackerone.com/reports/617896"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-5486",
"datePublished": "2019-12-18T20:58:42.000Z",
"dateReserved": "2019-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:54:53.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5473 (GCVE-0-2019-5473)
Vulnerability from cvelistv5 – Published: 2019-09-09 17:49 – Updated: 2024-08-04 19:54- CWE-288 - Authentication Bypass Using an Alternate Path or Channel (CWE-288)
| URL | Tags |
|---|---|
| https://hackerone.com/reports/565883 | x_refsource_MISC |
| https://gitlab.com/gitlab-org/gitlab-ee/issues/11643 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | gitlab.com |
Affected:
Fixed versions 12.1.2 and 12.0.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/565883"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11643"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gitlab.com",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed versions 12.1.2 and 12.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "Authentication Bypass Using an Alternate Path or Channel (CWE-288)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-09T17:49:52.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/565883"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11643"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-5473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gitlab.com",
"version": {
"version_data": [
{
"version_value": "Fixed versions 12.1.2 and 12.0.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass Using an Alternate Path or Channel (CWE-288)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/565883",
"refsource": "MISC",
"url": "https://hackerone.com/reports/565883"
},
{
"name": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11643",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11643"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-5473",
"datePublished": "2019-09-09T17:49:52.000Z",
"dateReserved": "2019-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:54:53.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5455 (GCVE-0-2019-5455)
Vulnerability from cvelistv5 – Published: 2019-07-30 20:26 – Updated: 2024-08-04 19:54- CWE-288 - Authentication Bypass Using an Alternate Path or Channel (CWE-288)
| URL | Tags |
|---|---|
| https://hackerone.com/reports/490946 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Nextcloud | com.nextcloud.client |
Affected:
3.6.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/490946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "com.nextcloud.client",
"vendor": "Nextcloud",
"versions": [
{
"status": "affected",
"version": "3.6.1"
}
]
}
],
"datePublic": "2019-07-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "Authentication Bypass Using an Alternate Path or Channel (CWE-288)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-30T20:26:47.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/490946"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-5455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "com.nextcloud.client",
"version": {
"version_data": [
{
"version_value": "3.6.1"
}
]
}
}
]
},
"vendor_name": "Nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass Using an Alternate Path or Channel (CWE-288)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/490946",
"refsource": "MISC",
"url": "https://hackerone.com/reports/490946"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-5455",
"datePublished": "2019-07-30T20:26:47.000Z",
"dateReserved": "2019-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:54:53.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.