Lucene search

K
nvd[email protected]NVD:CVE-2020-35559
HistoryFeb 16, 2021 - 4:15 p.m.

CVE-2020-35559

2021-02-1616:15:13
CWE-400
web.nvd.nist.gov
3
mb connect line
mymbconnect24
authenticated attacker
available ips
new device
new user

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

31.4%

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users.

Affected configurations

Nvd
Node
mbconnectlinembconnect24Range2.6.2
OR
mbconnectlinemymbconnect24Range2.6.2
VendorProductVersionCPE
mbconnectlinembconnect24*cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*
mbconnectlinemymbconnect24*cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

31.4%

Related for NVD:CVE-2020-35559