Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-10-28T17:15:56

Updated: 2024-08-04T13:37:54.250Z

Reserved: 2020-07-31T00:00:00

Link: CVE-2020-16260

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-10-28T18:15:13.083

Modified: 2024-11-21T05:07:03.047

Link: CVE-2020-16260

cve-icon Redhat

No data.