CVE-2020-27220 - OpenCVE

The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command target device is configured giving permission for the gateway device to act on its behalf. This means an authenticated device of a certain tenant, notably also a non-gateway device acting like a gateway, may receive command & control messages targeted at a different device of the same tenant without corresponding permissions getting checked.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eclipse	Hono

Configuration 1 [-]

OR	cpe:2.3:a:eclipse:hono::::::::
	cpe:2.3:a:eclipse:hono:1.5.0:::::::*

No data.

References

Link	Providers
https://bugs.eclipse.org/bugs/show_bug.cgi?id=569856

History

No history.

MITRE

Status: PUBLISHED

Assigner: eclipse

Published: 2021-01-14T22:35:15

Updated: 2024-08-04T16:11:36.045Z

Reserved: 2020-10-19T00:00:00

Link: CVE-2020-27220

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-01-14T23:15:13.040

Modified: 2021-01-22T18:34:34.313

Link: CVE-2020-27220

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Eclipse Hono", "vendor": "The Eclipse Foundation", "versions": [{"status": "affected", "version": "1.4.0 to 1.4.4 inclusive, 1.5.0"}]}], "descriptions": [{"lang": "en", "value": "The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command target device is configured giving permission for the gateway device to act on its behalf. This means an authenticated device of a certain tenant, notably also a non-gateway device acting like a gateway, may receive command & control messages targeted at a different device of the same tenant without corresponding permissions getting checked."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-14T22:35:15", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569856"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@eclipse.org", "ID": "CVE-2020-27220", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eclipse Hono", "version": {"version_data": [{"version_value": "1.4.0 to 1.4.4 inclusive, 1.5.0"}]}}]}, "vendor_name": "The Eclipse Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command target device is configured giving permission for the gateway device to act on its behalf. This means an authenticated device of a certain tenant, notably also a non-gateway device acting like a gateway, may receive command & control messages targeted at a different device of the same tenant without corresponding permissions getting checked."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862: Missing Authorization"}]}]}, "references": {"reference_data": [{"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569856", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569856"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:11:36.045Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569856"}]}]}, "cveMetadata": {"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2020-27220", "datePublished": "2021-01-14T22:35:15", "dateReserved": "2020-10-19T00:00:00", "dateUpdated": "2024-08-04T16:11:36.045Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:hono:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EA7972C-A4C7-4952-9850-6EFC12D23CEB", "versionEndIncluding": "1.4.4", "versionStartIncluding": "1.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:hono:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "BAD15477-6995-4EC3-B9F7-F6D664BD2134", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command target device is configured giving permission for the gateway device to act on its behalf. This means an authenticated device of a certain tenant, notably also a non-gateway device acting like a gateway, may receive command & control messages targeted at a different device of the same tenant without corresponding permissions getting checked."}, {"lang": "es", "value": "Los adaptadores de protocolo AMQP y MQTT de Eclipse Hono no comprueban si un dispositivo gateway autenticado est\u00e1 autorizado para recibir mensajes de comando y control cuando se ha suscrito solo a comandos para un dispositivo espec\u00edfico. La falta de comprobaci\u00f3n implica verificar que el dispositivo de destino del comando est\u00e9 configurado dando permiso para que el dispositivo gateway act\u00fae en su nombre. Esto significa que un dispositivo autenticado de un determinado inquilino, en particular tambi\u00e9n un dispositivo que no sea un gateway que act\u00faa como un gateway, puede recibir mensajes de comando y control direccionados hacia un dispositivo diferente del mismo inquilino sin que sean comprobados los permisos correspondientes"}], "id": "CVE-2020-27220", "lastModified": "2021-01-22T18:34:34.313", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-14T23:15:13.040", "references": [{"source": "emo@eclipse.org", "tags": ["Vendor Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569856"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "emo@eclipse.org", "type": "Secondary"}]}