CVE-2020-15062 - OpenCVE

DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Digitus	Da-70254 Da-70254 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:digitus:da-70254_firmware:2.073.000.e0008:*:*:*:*:*:*:*

cpe:2.3:h:digitus:da-70254:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://research.hisolutions.com/2020/05/critical-vulnerabilites-in-multiple-usb-network-servers/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-08-07T21:24:52

Updated: 2024-08-04T13:08:21.927Z

Reserved: 2020-06-25T00:00:00

Link: CVE-2020-15062

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-08-07T22:15:13.273

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-15062

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-07-15T00:00:00", "descriptions": [{"lang": "en", "value": "DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-07T21:24:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://research.hisolutions.com/2020/05/critical-vulnerabilites-in-multiple-usb-network-servers/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15062", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://research.hisolutions.com/2020/05/critical-vulnerabilites-in-multiple-usb-network-servers/", "refsource": "MISC", "url": "https://research.hisolutions.com/2020/05/critical-vulnerabilites-in-multiple-usb-network-servers/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:08:21.927Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://research.hisolutions.com/2020/05/critical-vulnerabilites-in-multiple-usb-network-servers/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15062", "datePublished": "2020-08-07T21:24:52", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:08:21.927Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digitus:da-70254_firmware:2.073.000.e0008:*:*:*:*:*:*:*", "matchCriteriaId": "A7E7F46E-B4F0-476E-A4CD-585630A3CF4C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digitus:da-70254:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4641E6A-DA53-4BB7-9B34-A1529DC71CF6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic."}, {"lang": "es", "value": "Los dispositivos DIGITUS DA-70254 4-Port Gigabit Network Hub versi\u00f3n 2.073.000.E0008, permiten a un atacante en la misma red elevar los privilegios porque la contrase\u00f1a administrativa puede ser detectada mediante el rastreo del tr\u00e1fico UDP no cifrado"}], "id": "CVE-2020-15062", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-07T22:15:13.273", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://research.hisolutions.com/2020/05/critical-vulnerabilites-in-multiple-usb-network-servers/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}, {"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}