CVE-2020-28333 - OpenCVE

Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET requests. Thus the "SEID" would be exposed in web proxy logs and browser history. An attacker that is able to capture the "SEID" and originate requests from the same IP address (via a NAT device or web proxy) would be able to access the user interface of the device without having to know the credentials.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Barco	Wepresent Wipg-1600w Wepresent Wipg-1600w Firmware

Configuration 1 [-]

AND

cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:2.5.1.8:*:*:*:*:*:*:*

cpe:2.3:h:barco:wepresent_wipg-1600w:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/160161/Barco-wePresent-Authentication-Bypass.html
https://korelogic.com/Resources/Advisories/KL-001-2020-006.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-11-24T18:03:20

Updated: 2024-08-04T16:33:58.554Z

Reserved: 2020-11-06T00:00:00

Link: CVE-2020-28333

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-11-24T19:15:10.823

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-28333

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a \"SEID\" token that is appended to the end of URLs in GET requests. Thus the \"SEID\" would be exposed in web proxy logs and browser history. An attacker that is able to capture the \"SEID\" and originate requests from the same IP address (via a NAT device or web proxy) would be able to access the user interface of the device without having to know the credentials."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-24T18:03:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/160161/Barco-wePresent-Authentication-Bypass.html"}, {"tags": ["x_refsource_MISC"], "url": "https://korelogic.com/Resources/Advisories/KL-001-2020-006.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-28333", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a \"SEID\" token that is appended to the end of URLs in GET requests. Thus the \"SEID\" would be exposed in web proxy logs and browser history. An attacker that is able to capture the \"SEID\" and originate requests from the same IP address (via a NAT device or web proxy) would be able to access the user interface of the device without having to know the credentials."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/160161/Barco-wePresent-Authentication-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/160161/Barco-wePresent-Authentication-Bypass.html"}, {"name": "https://korelogic.com/Resources/Advisories/KL-001-2020-006.txt", "refsource": "MISC", "url": "https://korelogic.com/Resources/Advisories/KL-001-2020-006.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:33:58.554Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/160161/Barco-wePresent-Authentication-Bypass.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://korelogic.com/Resources/Advisories/KL-001-2020-006.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-28333", "datePublished": "2020-11-24T18:03:20", "dateReserved": "2020-11-06T00:00:00", "dateUpdated": "2024-08-04T16:33:58.554Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:2.5.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "FB2D35A0-E5B5-4A4F-911F-7621CAD17BE6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:barco:wepresent_wipg-1600w:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6EDF943-F79F-4729-A15C-BEDFDAC42EA3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a \"SEID\" token that is appended to the end of URLs in GET requests. Thus the \"SEID\" would be exposed in web proxy logs and browser history. An attacker that is able to capture the \"SEID\" and originate requests from the same IP address (via a NAT device or web proxy) would be able to access the user interface of the device without having to know the credentials."}, {"lang": "es", "value": "Los dispositivos Barco wePresent WiPG-1600W permiten una Omisi\u00f3n de Autenticaci\u00f3n. Versi\u00f3n(es) afectada(s): 2.5.1.8. La interfaz web Barco wePresent WiPG-1600W no utiliza cookies de sesi\u00f3n para rastrear sesiones autenticadas. En su lugar, la interfaz web utiliza un token \"SEID\" que es agregado al final de las URL en las peticiones GET. Por lo tanto, el \"SEID\" estar\u00eda expuesto en los registros del proxy web y en el historial del navegador. Un atacante que es capaz de capturar el \"SEID\" y originar peticiones desde la misma direcci\u00f3n IP (por medio de un dispositivo NAT o proxy web) podr\u00eda ser capaz de acceder a la interfaz de usuario del dispositivo sin tener que conocer las credenciales"}], "id": "CVE-2020-28333", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-24T19:15:10.823", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/160161/Barco-wePresent-Authentication-Bypass.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://korelogic.com/Resources/Advisories/KL-001-2020-006.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}