Lucene search

[email protected]CVE-2020-9526

HistoryAug 10, 2020 - 4:15 p.m.

CVE-2020-9526

2020-08-1016:15:12

CWE-327

CWE-319

[email protected]

web.nvd.nist.gov

cve-2020-9526

cs2 network

p2p

info exposure

iot devices

security vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.3%

JSON

CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated by passively eavesdropping on user video/audio streams, capturing credentials, and compromising devices.

Affected configurations

NVD

Node

cs2-networkp2pRange≤3.0.3a

CPENameOperatorVersion
cs2-network:p2pcs2-network p2ple3.0.3a

CPE	Name	Operator	Version
cs2-network:p2p	cs2-network p2p	le	3.0.3a

References

hacked.camera/

redprocyon.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.3%

JSON

Related for CVE-2020-9526

cvelist1 prion1 nvd1