Lucene search

[email protected]NVD:CVE-2020-15337

HistorySep 29, 2022 - 3:15 a.m.

CVE-2020-15337

2022-09-2903:15:13

CWE-862

[email protected]

web.nvd.nist.gov

zyxel

cloudcnm

secumanager

get request

sensitive query strings

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

41.6%

JSON

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a “Use of GET Request Method With Sensitive Query Strings” issue for /registerCpe requests.

Affected configurations

Nvd

Node

zyxelcloudcnm_secumanagerMatch3.1.0

zyxelcloudcnm_secumanagerMatch3.1.1

VendorProductVersionCPE
zyxelcloudcnm_secumanager3.1.0cpe:2.3:a:zyxel:cloudcnm_secumanager:3.1.0:*:*:*:*:*:*:*
zyxelcloudcnm_secumanager3.1.1cpe:2.3:a:zyxel:cloudcnm_secumanager:3.1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zyxel	cloudcnm_secumanager	3.1.0	cpe:2.3:a:zyxel:cloudcnm_secumanager:3.1.0:::::::*
zyxel	cloudcnm_secumanager	3.1.1	cpe:2.3:a:zyxel:cloudcnm_secumanager:3.1.1:::::::*

References

pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html

www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

41.6%

JSON

Related for NVD:CVE-2020-15337

cve1 prion1 cvelist1