Lucene search

[email protected]NVD:CVE-2020-17477

HistoryOct 26, 2023 - 1:15 p.m.

CVE-2020-17477

2023-10-2613:15:09

CWE-522

[email protected]

web.nvd.nist.gov

ucs@school

ldap

acls

vulnerability

unauthorized access

password hashes

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests. For example, a teacher can gain administrator access via an NTLM hash.

Affected configurations

Nvd

Node

univentionucs\@schoolRange≤4.4

VendorProductVersionCPE
univentionucs\@school*cpe:2.3:a:univention:ucs\@school:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
univention	ucs\@school	*	cpe:2.3:a:univention:ucs\@school::::::::

References

forge.univention.org/bugzilla/show_bug.cgi?id=50669

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

Related for NVD:CVE-2020-17477

prion1 cvelist1 cve1 vulnrichment1