Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2020-15858
HistoryAug 21, 2020 - 9:15 p.m.

CVE-2020-15858

2020-08-2121:15:11
CWE-22
[email protected]
web.nvd.nist.gov
7

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS3

6.4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

AI Score

6.4

Confidence

High

EPSS

0.002

Percentile

55.9%

JSON

Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for customer Java applications, TLS and OTAP (Java over-the-air-provisioning) functionality. The affected products and releases are: BGS5 up to and including SW RN 02.000 / ARN 01.001.06 EHSx and PDSx up to and including SW RN 04.003 / ARN 01.000.04 ELS61 up to and including SW RN 02.002 / ARN 01.000.04 ELS81 up to and including SW RN 05.002 / ARN 01.000.04 PLS62 up to and including SW RN 02.000 / ARN 01.000.04

Affected configurations

Nvd
Node
thalesgroupbgs5Match-
AND
thalesgroupbgs5_firmwareRange≀rn_02.000_\/_arn_01.001.06
Node
thalesgroupehs5Match-
AND
thalesgroupehs5_firmwareRange≀rn_04.003_\/_arn_01.000.04
Node
thalesgroupehs8Match-
AND
thalesgroupehs8_firmwareRange≀rn_04.003_\/_arn_01.000.04
Node
thalesgroupehs6Match-
AND
thalesgroupehs6_firmwareRange≀rn_04.003_\/_arn_01.000.04
Node
thalesgrouppds5Match-
AND
thalesgrouppds5_firmwareRange≀rn_04.003_\/_arn_01.000.04
Node
thalesgrouppds6Match-
AND
thalesgrouppds6_firmwareRange≀rn_04.003_\/_arn_01.000.04
Node
thalesgroupels61Match-
AND
thalesgroupels61_firmwareRange≀rn_02.002_\/_arn_01.000.04
Node
thalesgroupels81Match-
AND
thalesgroupels81_firmwareRange≀rn_05.002_\/_arn_01.000.04
Node
thalesgrouppls62_firmwareRange≀rn_02.000_\/_arn_01.000.04
AND
thalesgrouppls62Match-
VendorProductVersionCPE
thalesgroupbgs5-cpe:2.3:h:thalesgroup:bgs5:-:*:*:*:*:*:*:*
thalesgroupbgs5_firmware*cpe:2.3:o:thalesgroup:bgs5_firmware:*:*:*:*:*:*:*:*
thalesgroupehs5-cpe:2.3:h:thalesgroup:ehs5:-:*:*:*:*:*:*:*
thalesgroupehs5_firmware*cpe:2.3:o:thalesgroup:ehs5_firmware:*:*:*:*:*:*:*:*
thalesgroupehs8-cpe:2.3:h:thalesgroup:ehs8:-:*:*:*:*:*:*:*
thalesgroupehs8_firmware*cpe:2.3:o:thalesgroup:ehs8_firmware:*:*:*:*:*:*:*:*
thalesgroupehs6-cpe:2.3:h:thalesgroup:ehs6:-:*:*:*:*:*:*:*
thalesgroupehs6_firmware*cpe:2.3:o:thalesgroup:ehs6_firmware:*:*:*:*:*:*:*:*
thalesgrouppds5-cpe:2.3:h:thalesgroup:pds5:-:*:*:*:*:*:*:*
thalesgrouppds5_firmware*cpe:2.3:o:thalesgroup:pds5_firmware:*:*:*:*:*:*:*:*
Rows per page:
1-10 of 181

Related

threatpost 5
prion 1
attackerkb 1
securelist 1
cvelist 1
cve 1
threatpost
threatpost
iPhone iOS 13 Lockscreen Bypass Flaw Exposes Contacts
2019-09-13 19:15:15
News Wrap: IoT Radio Telnet Backdoor And 'SimJacker' Active Exploit
2019-09-13 12:50:42
1B Mobile Users Vulnerable to Ongoing β€˜SimJacker’ Surveillance Attack
2019-09-12 14:25:17
prion
prion
Directory traversal
2020-08-21 21:15:00
attackerkb
attackerkb
CVE-2020-15858
2020-08-21 00:00:00
securelist
securelist
Cinterion EHS5 3G UMTS/HSPA Module Research
2024-06-13 10:00:22
cvelist
cvelist
CVE-2020-15858
2020-08-21 00:00:00
cve
cve
CVE-2020-15858
2020-08-21 21:15:11

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS3

6.4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

AI Score

6.4

Confidence

High

EPSS

0.002

Percentile

55.9%

JSON
Related for NVD:CVE-2020-15858
threatpost5prion1attackerkb1securelist1cvelist1cve1