Lucene search

K
nvd[email protected]NVD:CVE-2021-20993
HistoryMay 13, 2021 - 2:15 p.m.

CVE-2021-20993

2021-05-1314:15:17
CWE-200
web.nvd.nist.gov
6
cve-2021-20993
wago
directory listing
attacker
resources

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

35.9%

In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.

Affected configurations

Nvd
Node
wago0852-0303_firmwareRange1.2.3.s0
AND
wago0852-0303Match-
Node
wago0852-1305_firmwareRange1.1.7.s0
AND
wago0852-1305Match-
Node
wago0852-1505_firmwareRange1.1.6.s0
AND
wago0852-1505Match-
Node
wago0852-1305\/000-001_firmwareRange1.0.4.s0
AND
wago0852-1305\/000-001Match-
Node
wago0852-1505\/000-001_firmwareRange1.0.4.s0
AND
wago0852-1505\/000-001Match-
VendorProductVersionCPE
wago0852-0303_firmware*cpe:2.3:o:wago:0852-0303_firmware:*:*:*:*:*:*:*:*
wago0852-0303-cpe:2.3:h:wago:0852-0303:-:*:*:*:*:*:*:*
wago0852-1305_firmware*cpe:2.3:o:wago:0852-1305_firmware:*:*:*:*:*:*:*:*
wago0852-1305-cpe:2.3:h:wago:0852-1305:-:*:*:*:*:*:*:*
wago0852-1505_firmware*cpe:2.3:o:wago:0852-1505_firmware:*:*:*:*:*:*:*:*
wago0852-1505-cpe:2.3:h:wago:0852-1505:-:*:*:*:*:*:*:*
wago0852-1305\/000-001_firmware*cpe:2.3:o:wago:0852-1305\/000-001_firmware:*:*:*:*:*:*:*:*
wago0852-1305\/000-001-cpe:2.3:h:wago:0852-1305\/000-001:-:*:*:*:*:*:*:*
wago0852-1505\/000-001_firmware*cpe:2.3:o:wago:0852-1505\/000-001_firmware:*:*:*:*:*:*:*:*
wago0852-1505\/000-001-cpe:2.3:h:wago:0852-1505\/000-001:-:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

35.9%

Related for NVD:CVE-2021-20993