Lucene search

[email protected]CVE-2020-29057

HistoryNov 24, 2020 - 9:15 p.m.

CVE-2020-29057

2020-11-2421:15:11

[email protected]

web.nvd.nist.gov

cve-2020-29057

cdata

denial of service

reboot

shawarma attack

nvd

vulnerability

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

65.0%

JSON

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. It allows remote attackers to cause a denial of service (reboot) by sending random bytes to the telnet server on port 23, aka a “shawarma” attack.

Affected configurations

NVD

Node

cdatatec72408a_firmwareMatch1.2.2

cdatatec72408a_firmwareMatch2.4.03_000

cdatatec72408a_firmwareMatch2.4.04_001

cdatatec72408a_firmwareMatch2.4.05_000

AND

cdatatec72408aMatch-

Node

cdatatec9008a_firmwareMatch1.2.2

cdatatec9008a_firmwareMatch2.4.03_000

cdatatec9008a_firmwareMatch2.4.04_001

cdatatec9008a_firmwareMatch2.4.05_000

AND

cdatatec9008aMatch-

Node

cdatatec9016a_firmwareMatch1.2.2

cdatatec9016a_firmwareMatch2.4.03_000

cdatatec9016a_firmwareMatch2.4.04_001

cdatatec9016a_firmwareMatch2.4.05_000

AND

cdatatec9016aMatch-

Node

cdatatec92408a_firmwareMatch1.2.2

cdatatec92408a_firmwareMatch2.4.03_000

cdatatec92408a_firmwareMatch2.4.04_001

cdatatec92408a_firmwareMatch2.4.05_000

AND

cdatatec92408aMatch-

Node

cdatatec92416a_firmwareMatch1.2.2

cdatatec92416a_firmwareMatch2.4.03_000

cdatatec92416a_firmwareMatch2.4.04_001

cdatatec92416a_firmwareMatch2.4.05_000

AND

cdatatec92416aMatch-

Node

cdatatec9288_firmwareMatch1.2.2

cdatatec9288_firmwareMatch2.4.03_000

cdatatec9288_firmwareMatch2.4.04_001

cdatatec9288_firmwareMatch2.4.05_000

AND

cdatatec9288Match-

Node

cdatatec97016_firmwareMatch1.2.2

cdatatec97016_firmwareMatch2.4.03_000

cdatatec97016_firmwareMatch2.4.04_001

cdatatec97016_firmwareMatch2.4.05_000

AND

cdatatec97016Match-

Node

cdatatec97024p_firmwareMatch1.2.2

cdatatec97024p_firmwareMatch2.4.03_000

cdatatec97024p_firmwareMatch2.4.04_001

cdatatec97024p_firmwareMatch2.4.05_000

AND

cdatatec97024pMatch-

Node

cdatatec97028p_firmwareMatch1.2.2

cdatatec97028p_firmwareMatch2.4.03_000

cdatatec97028p_firmwareMatch2.4.04_001

cdatatec97028p_firmwareMatch2.4.05_000

AND

cdatatec97028pMatch-

Node

cdatatec97042p_firmwareMatch1.2.2

cdatatec97042p_firmwareMatch2.4.03_000

cdatatec97042p_firmwareMatch2.4.04_001

cdatatec97042p_firmwareMatch2.4.05_000

AND

cdatatec97042pMatch-

Node

cdatatec97084p_firmwareMatch1.2.2

cdatatec97084p_firmwareMatch2.4.03_000

cdatatec97084p_firmwareMatch2.4.04_001

cdatatec97084p_firmwareMatch2.4.05_000

AND

cdatatec97084pMatch-

Node

cdatatec97168p_firmwareMatch1.2.2

cdatatec97168p_firmwareMatch2.4.03_000

cdatatec97168p_firmwareMatch2.4.04_001

cdatatec97168p_firmwareMatch2.4.05_000

AND

cdatatec97168pMatch-

Node

cdatatecfd1002s_firmwareMatch1.2.2

cdatatecfd1002s_firmwareMatch2.4.03_000

cdatatecfd1002s_firmwareMatch2.4.04_001

cdatatecfd1002s_firmwareMatch2.4.05_000

AND

cdatatecfd1002sMatch-

Node

cdatatecfd1104_firmwareMatch1.2.2

cdatatecfd1104_firmwareMatch2.4.03_000

cdatatecfd1104_firmwareMatch2.4.04_001

cdatatecfd1104_firmwareMatch2.4.05_000

AND

cdatatecfd1104Match-

Node

cdatatecfd1104b_firmwareMatch1.2.2

cdatatecfd1104b_firmwareMatch2.4.03_000

cdatatecfd1104b_firmwareMatch2.4.04_001

cdatatecfd1104b_firmwareMatch2.4.05_000

AND

cdatatecfd1104bMatch-

Node

cdatatecfd1104s_firmwareMatch1.2.2

cdatatecfd1104s_firmwareMatch2.4.03_000

cdatatecfd1104s_firmwareMatch2.4.04_001

cdatatecfd1104s_firmwareMatch2.4.05_000

AND

cdatatecfd1104sMatch-

Node

cdatatecfd1104sn_firmwareMatch1.2.2

cdatatecfd1104sn_firmwareMatch2.4.03_000

cdatatecfd1104sn_firmwareMatch2.4.04_001

cdatatecfd1104sn_firmwareMatch2.4.05_000

AND

cdatatecfd1104snMatch-

Node

cdatatecfd1108s_firmwareMatch1.2.2

cdatatecfd1108s_firmwareMatch2.4.03_000

cdatatecfd1108s_firmwareMatch2.4.04_001

cdatatecfd1108s_firmwareMatch2.4.05_000

AND

cdatatecfd1108sMatch-

Node

cdatatecfd1204s-r2_firmwareMatch1.2.2

cdatatecfd1204s-r2_firmwareMatch2.4.03_000

cdatatecfd1204s-r2_firmwareMatch2.4.04_001

cdatatecfd1204s-r2_firmwareMatch2.4.05_000

AND

cdatatecfd1204s-r2Match-

Node

cdatatecfd1204sn_firmwareMatch1.2.2

cdatatecfd1204sn_firmwareMatch2.4.03_000

cdatatecfd1204sn_firmwareMatch2.4.04_001

cdatatecfd1204sn_firmwareMatch2.4.05_000

AND

cdatatecfd1204snMatch-

Node

cdatatecfd1204sn-r2_firmwareMatch1.2.2

cdatatecfd1204sn-r2_firmwareMatch2.4.03_000

cdatatecfd1204sn-r2_firmwareMatch2.4.04_001

cdatatecfd1204sn-r2_firmwareMatch2.4.05_000

AND

cdatatecfd1204sn-r2Match-

Node

cdatatecfd1208s-r2_firmwareMatch1.2.2

cdatatecfd1208s-r2_firmwareMatch2.4.03_000

cdatatecfd1208s-r2_firmwareMatch2.4.04_001

cdatatecfd1208s-r2_firmwareMatch2.4.05_000

AND

cdatatecfd1208s-r2Match-

Node

cdatatecfd1216s-r1_firmwareMatch1.2.2

cdatatecfd1216s-r1_firmwareMatch2.4.03_000

cdatatecfd1216s-r1_firmwareMatch2.4.04_001

cdatatecfd1216s-r1_firmwareMatch2.4.05_000

AND

cdatatecfd1216s-r1Match-

Node

cdatatecfd1608gs_firmwareMatch1.2.2

cdatatecfd1608gs_firmwareMatch2.4.03_000

cdatatecfd1608gs_firmwareMatch2.4.04_001

cdatatecfd1608gs_firmwareMatch2.4.05_000

AND

cdatatecfd1608gsMatch-

Node

cdatatecfd1608sn_firmwareMatch1.2.2

cdatatecfd1608sn_firmwareMatch2.4.03_000

cdatatecfd1608sn_firmwareMatch2.4.04_001

cdatatecfd1608sn_firmwareMatch2.4.05_000

AND

cdatatecfd1608snMatch-

Node

cdatatecfd1616gs_firmwareMatch1.2.2

cdatatecfd1616gs_firmwareMatch2.4.03_000

cdatatecfd1616gs_firmwareMatch2.4.04_001

cdatatecfd1616gs_firmwareMatch2.4.05_000

AND

cdatatecfd1616gsMatch-

Node

cdatatecfd1616sn_firmwareMatch1.2.2

cdatatecfd1616sn_firmwareMatch2.4.03_000

cdatatecfd1616sn_firmwareMatch2.4.04_001

cdatatecfd1616sn_firmwareMatch2.4.05_000

AND

cdatatecfd1616snMatch-

Node

cdatatecfd8000_firmwareMatch1.2.2

cdatatecfd8000_firmwareMatch2.4.03_000

cdatatecfd8000_firmwareMatch2.4.04_001

cdatatecfd8000_firmwareMatch2.4.05_000

AND

cdatatecfd8000Match-

CPENameOperatorVersion
cdatatec:72408a_firmwarecdatatec 72408a firmwareeq1.2.2
cdatatec:72408a_firmwarecdatatec 72408a firmwareeq2.4.03_000
cdatatec:72408a_firmwarecdatatec 72408a firmwareeq2.4.04_001
cdatatec:72408a_firmwarecdatatec 72408a firmwareeq2.4.05_000

CPE	Name	Operator	Version
cdatatec:72408a_firmware	cdatatec 72408a firmware	eq	1.2.2
cdatatec:72408a_firmware	cdatatec 72408a firmware	eq	2.4.03_000
cdatatec:72408a_firmware	cdatatec 72408a firmware	eq	2.4.04_001
cdatatec:72408a_firmware	cdatatec 72408a firmware	eq	2.4.05_000

References

pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

65.0%

JSON

Related for CVE-2020-29057

prion1 nvd1 cvelist1