Lucene search

[email protected]CVE-2020-8169

HistoryDec 14, 2020 - 8:15 p.m.

CVE-2020-8169

2020-12-1420:15:00

CWE-200

[email protected]

web.nvd.nist.gov

303

cve-2020-8169

curl vulnerability

information disclosure

network security

dns server

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

79.2%

JSON

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

CPENameOperatorVersion
haxx:curlhaxx curlle7.70.0
siemens:simatic_tim_1531_irc_firmwaresiemens simatic tim 1531 irc firmwarelt2.2
debian:debian_linuxdebian debian linuxeq10.0
siemens:sinec_infrastructure_network_servicessiemens sinec infrastructure network serviceslt1.0.1.1
splunk:universal_forwardersplunk universal forwardereq9.1.0
splunk:universal_forwardersplunk universal forwarderlt9.0.6
splunk:universal_forwardersplunk universal forwarderlt8.2.12

CPE	Name	Operator	Version
haxx:curl	haxx curl	le	7.70.0
siemens:simatic_tim_1531_irc_firmware	siemens simatic tim 1531 irc firmware	lt	2.2
debian:debian_linux	debian debian linux	eq	10.0
siemens:sinec_infrastructure_network_services	siemens sinec infrastructure network services	lt	1.0.1.1
splunk:universal_forwarder	splunk universal forwarder	eq	9.1.0
splunk:universal_forwarder	splunk universal forwarder	lt	9.0.6
splunk:universal_forwarder	splunk universal forwarder	lt	8.2.12