Lucene search

[email protected]CVE-2020-29577

HistoryDec 08, 2020 - 4:15 p.m.

CVE-2020-29577

2020-12-0816:15:12

[email protected]

web.nvd.nist.gov

cve-2020-29577

znc

docker

remote access

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.7%

JSON

The official znc docker images before 1.7.1-slim contain a blank password for a root user. Systems using the znc docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.

Affected configurations

NVD

Node

zncznc_docker_imageMatch1.6

zncznc_docker_imageMatch1.6-slim

zncznc_docker_imageMatch1.6.4

zncznc_docker_imageMatch1.6.4-slim

zncznc_docker_imageMatch1.6.5

zncznc_docker_imageMatch1.6.5-slim

zncznc_docker_imageMatch1.6.6

zncznc_docker_imageMatch1.6.6-slim

zncznc_docker_imageMatch1.7.0

zncznc_docker_imageMatch1.7.0-slim

zncznc_docker_imageMatch1.7.1-slim

CPENameOperatorVersion
znc:znc_docker_imageznc znc docker imageeq1.6
znc:znc_docker_imageznc znc docker imageeq1.6-slim
znc:znc_docker_imageznc znc docker imageeq1.6.4
znc:znc_docker_imageznc znc docker imageeq1.6.4-slim
znc:znc_docker_imageznc znc docker imageeq1.6.5
znc:znc_docker_imageznc znc docker imageeq1.6.5-slim
znc:znc_docker_imageznc znc docker imageeq1.6.6
znc:znc_docker_imageznc znc docker imageeq1.6.6-slim
znc:znc_docker_imageznc znc docker imageeq1.7.0
znc:znc_docker_imageznc znc docker imageeq1.7.0-slim

CPE	Name	Operator	Version
znc:znc_docker_image	znc znc docker image	eq	1.6
znc:znc_docker_image	znc znc docker image	eq	1.6-slim
znc:znc_docker_image	znc znc docker image	eq	1.6.4
znc:znc_docker_image	znc znc docker image	eq	1.6.4-slim
znc:znc_docker_image	znc znc docker image	eq	1.6.5
znc:znc_docker_image	znc znc docker image	eq	1.6.5-slim
znc:znc_docker_image	znc znc docker image	eq	1.6.6
znc:znc_docker_image	znc znc docker image	eq	1.6.6-slim
znc:znc_docker_image	znc znc docker image	eq	1.7.0
znc:znc_docker_image	znc znc docker image	eq	1.7.0-slim

Rows per page:

1-10 of 111

References

github.com/koharin/koharin2/blob/main/CVE-2020-29577

Social References

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.7%

JSON

Related for CVE-2020-29577

cvelist1 nvd1 prion1 openvas2