CVE-2020-16259

2020-10-2817:20:04

mitre

www.cve.org

cve-2020-16259

winston 1.5.4

ssh access

bastion hosts

undocumented

user account

AI Score

9.5

Confidence

High

EPSS

0.005

Percentile

75.9%

JSON

Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user.

References

labs.bishopfox.com/advisories/winston-privacy-version-1.5.4

winstonprivacy.com/