Lucene search

[email protected]NVD:CVE-2020-9526

HistoryAug 10, 2020 - 4:15 p.m.

CVE-2020-9526

2020-08-1016:15:12

CWE-319

CWE-327

[email protected]

web.nvd.nist.gov

cs2 network p2p

information exposure

iot devices

user session data

supernodes

eavesdropping

credentials

device compromise

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

51.2%

JSON

CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated by passively eavesdropping on user video/audio streams, capturing credentials, and compromising devices.

Affected configurations

Nvd

Node

cs2-networkp2pRange≤3.0.3a

VendorProductVersionCPE
cs2-networkp2p*cpe:2.3:a:cs2-network:p2p:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cs2-network	p2p	*	cpe:2.3:a:cs2-network:p2p::::::::

References

hacked.camera/

redprocyon.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

51.2%

JSON

Related for NVD:CVE-2020-9526

cve1 prion1 cvelist1