Lucene search

MitreCVE-2020-29055

HistoryNov 24, 2020 - 9:15 p.m.

CVE-2020-29055

2020-11-2421:15:11

CWE-319

mitre

web.nvd.nist.gov

cve-2020-29055

cdata

password interception

man-in-the-middle

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

51.7%

JSON

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. By default, the appliance can be managed remotely only with HTTP, telnet, and SNMP. It doesn’t support SSL/TLS for HTTP or SSH. An attacker can intercept passwords sent in cleartext and conduct man-in-the-middle attacks on the management of the appliance.

Affected configurations

Nvd

Node

cdatatec72408a_firmwareMatch1.2.2

cdatatec72408a_firmwareMatch2.4.03_000

cdatatec72408a_firmwareMatch2.4.04_001

cdatatec72408a_firmwareMatch2.4.05_000

AND

cdatatec72408aMatch-

Node

cdatatec9008a_firmwareMatch1.2.2

cdatatec9008a_firmwareMatch2.4.03_000

cdatatec9008a_firmwareMatch2.4.04_001

cdatatec9008a_firmwareMatch2.4.05_000

AND

cdatatec9008aMatch-

Node

cdatatec9016a_firmwareMatch1.2.2

cdatatec9016a_firmwareMatch2.4.03_000

cdatatec9016a_firmwareMatch2.4.04_001

cdatatec9016a_firmwareMatch2.4.05_000

AND

cdatatec9016aMatch-

Node

cdatatec92408a_firmwareMatch1.2.2

cdatatec92408a_firmwareMatch2.4.03_000

cdatatec92408a_firmwareMatch2.4.04_001

cdatatec92408a_firmwareMatch2.4.05_000

AND

cdatatec92408aMatch-

Node

cdatatec92416a_firmwareMatch1.2.2

cdatatec92416a_firmwareMatch2.4.03_000

cdatatec92416a_firmwareMatch2.4.04_001

cdatatec92416a_firmwareMatch2.4.05_000

AND

cdatatec92416aMatch-

Node

cdatatec9288_firmwareMatch1.2.2

cdatatec9288_firmwareMatch2.4.03_000

cdatatec9288_firmwareMatch2.4.04_001

cdatatec9288_firmwareMatch2.4.05_000

AND

cdatatec9288Match-

Node

cdatatec97016_firmwareMatch1.2.2

cdatatec97016_firmwareMatch2.4.03_000

cdatatec97016_firmwareMatch2.4.04_001

cdatatec97016_firmwareMatch2.4.05_000

AND

cdatatec97016Match-

Node

cdatatec97024p_firmwareMatch1.2.2

cdatatec97024p_firmwareMatch2.4.03_000

cdatatec97024p_firmwareMatch2.4.04_001

cdatatec97024p_firmwareMatch2.4.05_000

AND

cdatatec97024pMatch-

Node

cdatatec97028p_firmwareMatch1.2.2

cdatatec97028p_firmwareMatch2.4.03_000

cdatatec97028p_firmwareMatch2.4.04_001

cdatatec97028p_firmwareMatch2.4.05_000

AND

cdatatec97028pMatch-

Node

cdatatec97042p_firmwareMatch1.2.2

cdatatec97042p_firmwareMatch2.4.03_000

cdatatec97042p_firmwareMatch2.4.04_001

cdatatec97042p_firmwareMatch2.4.05_000

AND

cdatatec97042pMatch-

Node

cdatatec97084p_firmwareMatch1.2.2

cdatatec97084p_firmwareMatch2.4.03_000

cdatatec97084p_firmwareMatch2.4.04_001

cdatatec97084p_firmwareMatch2.4.05_000

AND

cdatatec97084pMatch-

Node

cdatatec97168p_firmwareMatch1.2.2

cdatatec97168p_firmwareMatch2.4.03_000

cdatatec97168p_firmwareMatch2.4.04_001

cdatatec97168p_firmwareMatch2.4.05_000

AND

cdatatec97168pMatch-

Node

cdatatecfd1002s_firmwareMatch1.2.2

cdatatecfd1002s_firmwareMatch2.4.03_000

cdatatecfd1002s_firmwareMatch2.4.04_001

cdatatecfd1002s_firmwareMatch2.4.05_000

AND

cdatatecfd1002sMatch-

Node

cdatatecfd1104_firmwareMatch1.2.2

cdatatecfd1104_firmwareMatch2.4.03_000

cdatatecfd1104_firmwareMatch2.4.04_001

cdatatecfd1104_firmwareMatch2.4.05_000

AND

cdatatecfd1104Match-

Node

cdatatecfd1104b_firmwareMatch1.2.2

cdatatecfd1104b_firmwareMatch2.4.03_000

cdatatecfd1104b_firmwareMatch2.4.04_001

cdatatecfd1104b_firmwareMatch2.4.05_000

AND

cdatatecfd1104bMatch-

Node

cdatatecfd1104s_firmwareMatch1.2.2

cdatatecfd1104s_firmwareMatch2.4.03_000

cdatatecfd1104s_firmwareMatch2.4.04_001

cdatatecfd1104s_firmwareMatch2.4.05_000

AND

cdatatecfd1104sMatch-

Node

cdatatecfd1104sn_firmwareMatch1.2.2

cdatatecfd1104sn_firmwareMatch2.4.03_000

cdatatecfd1104sn_firmwareMatch2.4.04_001

cdatatecfd1104sn_firmwareMatch2.4.05_000

AND

cdatatecfd1104snMatch-

Node

cdatatecfd1108s_firmwareMatch1.2.2

cdatatecfd1108s_firmwareMatch2.4.03_000

cdatatecfd1108s_firmwareMatch2.4.04_001

cdatatecfd1108s_firmwareMatch2.4.05_000

AND

cdatatecfd1108sMatch-

Node

cdatatecfd1204s-r2_firmwareMatch1.2.2

cdatatecfd1204s-r2_firmwareMatch2.4.03_000

cdatatecfd1204s-r2_firmwareMatch2.4.04_001

cdatatecfd1204s-r2_firmwareMatch2.4.05_000

AND

cdatatecfd1204s-r2Match-

Node

cdatatecfd1204sn_firmwareMatch1.2.2

cdatatecfd1204sn_firmwareMatch2.4.03_000

cdatatecfd1204sn_firmwareMatch2.4.04_001

cdatatecfd1204sn_firmwareMatch2.4.05_000

AND

cdatatecfd1204snMatch-

Node

cdatatecfd1204sn-r2_firmwareMatch1.2.2

cdatatecfd1204sn-r2_firmwareMatch2.4.03_000

cdatatecfd1204sn-r2_firmwareMatch2.4.04_001

cdatatecfd1204sn-r2_firmwareMatch2.4.05_000

AND

cdatatecfd1204sn-r2Match-

Node

cdatatecfd1208s-r2_firmwareMatch1.2.2

cdatatecfd1208s-r2_firmwareMatch2.4.03_000

cdatatecfd1208s-r2_firmwareMatch2.4.04_001

cdatatecfd1208s-r2_firmwareMatch2.4.05_000

AND

cdatatecfd1208s-r2Match-

Node

cdatatecfd1216s-r1_firmwareMatch1.2.2

cdatatecfd1216s-r1_firmwareMatch2.4.03_000

cdatatecfd1216s-r1_firmwareMatch2.4.04_001

cdatatecfd1216s-r1_firmwareMatch2.4.05_000

AND

cdatatecfd1216s-r1Match-

Node

cdatatecfd1608gs_firmwareMatch1.2.2

cdatatecfd1608gs_firmwareMatch2.4.03_000

cdatatecfd1608gs_firmwareMatch2.4.04_001

cdatatecfd1608gs_firmwareMatch2.4.05_000

AND

cdatatecfd1608gsMatch-

Node

cdatatecfd1608sn_firmwareMatch1.2.2

cdatatecfd1608sn_firmwareMatch2.4.03_000

cdatatecfd1608sn_firmwareMatch2.4.04_001

cdatatecfd1608sn_firmwareMatch2.4.05_000

AND

cdatatecfd1608snMatch-

Node

cdatatecfd1616gs_firmwareMatch1.2.2

cdatatecfd1616gs_firmwareMatch2.4.03_000

cdatatecfd1616gs_firmwareMatch2.4.04_001

cdatatecfd1616gs_firmwareMatch2.4.05_000

AND

cdatatecfd1616gsMatch-

Node

cdatatecfd1616sn_firmwareMatch1.2.2

cdatatecfd1616sn_firmwareMatch2.4.03_000

cdatatecfd1616sn_firmwareMatch2.4.04_001

cdatatecfd1616sn_firmwareMatch2.4.05_000

AND

cdatatecfd1616snMatch-

Node

cdatatecfd8000_firmwareMatch1.2.2

cdatatecfd8000_firmwareMatch2.4.03_000

cdatatecfd8000_firmwareMatch2.4.04_001

cdatatecfd8000_firmwareMatch2.4.05_000

AND

cdatatecfd8000Match-

VendorProductVersionCPE
cdatatec72408a_firmware1.2.2cpe:2.3:o:cdatatec:72408a_firmware:1.2.2:*:*:*:*:*:*:*
cdatatec72408a_firmware2.4.03_000cpe:2.3:o:cdatatec:72408a_firmware:2.4.03_000:*:*:*:*:*:*:*
cdatatec72408a_firmware2.4.04_001cpe:2.3:o:cdatatec:72408a_firmware:2.4.04_001:*:*:*:*:*:*:*
cdatatec72408a_firmware2.4.05_000cpe:2.3:o:cdatatec:72408a_firmware:2.4.05_000:*:*:*:*:*:*:*
cdatatec72408a-cpe:2.3:h:cdatatec:72408a:-:*:*:*:*:*:*:*
cdatatec9008a_firmware1.2.2cpe:2.3:o:cdatatec:9008a_firmware:1.2.2:*:*:*:*:*:*:*
cdatatec9008a_firmware2.4.03_000cpe:2.3:o:cdatatec:9008a_firmware:2.4.03_000:*:*:*:*:*:*:*
cdatatec9008a_firmware2.4.04_001cpe:2.3:o:cdatatec:9008a_firmware:2.4.04_001:*:*:*:*:*:*:*
cdatatec9008a_firmware2.4.05_000cpe:2.3:o:cdatatec:9008a_firmware:2.4.05_000:*:*:*:*:*:*:*
cdatatec9008a-cpe:2.3:h:cdatatec:9008a:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cdatatec	72408a_firmware	1.2.2	cpe:2.3:o:cdatatec:72408a_firmware:1.2.2:::::::*
cdatatec	72408a_firmware	2.4.03_000	cpe:2.3:o:cdatatec:72408a_firmware:2.4.03_000:::::::*
cdatatec	72408a_firmware	2.4.04_001	cpe:2.3:o:cdatatec:72408a_firmware:2.4.04_001:::::::*
cdatatec	72408a_firmware	2.4.05_000	cpe:2.3:o:cdatatec:72408a_firmware:2.4.05_000:::::::*
cdatatec	72408a	-	cpe:2.3:h:cdatatec:72408a:-:::::::*
cdatatec	9008a_firmware	1.2.2	cpe:2.3:o:cdatatec:9008a_firmware:1.2.2:::::::*
cdatatec	9008a_firmware	2.4.03_000	cpe:2.3:o:cdatatec:9008a_firmware:2.4.03_000:::::::*
cdatatec	9008a_firmware	2.4.04_001	cpe:2.3:o:cdatatec:9008a_firmware:2.4.04_001:::::::*
cdatatec	9008a_firmware	2.4.05_000	cpe:2.3:o:cdatatec:9008a_firmware:2.4.05_000:::::::*
cdatatec	9008a	-	cpe:2.3:h:cdatatec:9008a:-:::::::*

Rows per page:

1-10 of 1401

References

pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

51.7%

JSON

Related for CVE-2020-29055