Lucene search

[email protected]CVE-2020-9473

HistoryApr 06, 2020 - 3:15 p.m.

CVE-2020-9473

2020-04-0615:15:12

CWE-306

[email protected]

web.nvd.nist.gov

cve-2020-9473

siedle sg 150-0 smart gateway

passwordless ftp

ssh

exploit chain

root access

nvd

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

6.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.1%

JSON

The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a passwordless ftp ssh user. By using an exploit chain, an attacker with access to the network can get root access on the gateway.

Affected configurations

NVD

Node

siedlesg_150-0Match-

AND

siedlesg_150-0_firmwareRange<1.2.4

CPENameOperatorVersion
siedle:sg_150-0_firmwaresiedle sg 150-0 firmwarelt1.2.4

CPE	Name	Operator	Version
siedle:sg_150-0_firmware	siedle sg 150-0 firmware	lt	1.2.4

References

research.hisolutions.com/2020/04/open-the-gates-insecurity-of-cloudless-smart-door-systems/

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

6.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.1%

JSON

Related for CVE-2020-9473

nvd1 cvelist1 prion1 openvas1