CVE-2020-29055 - Vulnerability Details

Description

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. By default, the appliance can be managed remotely only with HTTP, telnet, and SNMP. It doesn't support SSL/TLS for HTTP or SSH. An attacker can intercept passwords sent in cleartext and conduct man-in-the-middle attacks on the management of the appliance.

Published: 2020-11-24

Score: 5.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

OR	cpe:2.3:o:cdatatec:72408a_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:72408a_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:72408a_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:72408a_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:72408a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:cdatatec:9008a_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:9008a_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:9008a_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:9008a_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:9008a:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:cdatatec:9016a_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:9016a_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:9016a_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:9016a_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:9016a:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:cdatatec:92408a_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:92408a_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:92408a_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:92408a_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:92408a:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

OR	cpe:2.3:o:cdatatec:92416a_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:92416a_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:92416a_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:92416a_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:92416a:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

OR	cpe:2.3:o:cdatatec:9288_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:9288_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:9288_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:9288_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:9288:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

OR	cpe:2.3:o:cdatatec:97016_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:97016_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:97016_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:97016_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:97016:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

OR	cpe:2.3:o:cdatatec:97024p_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:97024p_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:97024p_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:97024p_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:97024p:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

OR	cpe:2.3:o:cdatatec:97028p_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:97028p_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:97028p_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:97028p_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:97028p:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

OR	cpe:2.3:o:cdatatec:97042p_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:97042p_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:97042p_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:97042p_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:97042p:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

OR	cpe:2.3:o:cdatatec:97084p_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:97084p_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:97084p_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:97084p_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:97084p:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

OR	cpe:2.3:o:cdatatec:97168p_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:97168p_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:97168p_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:97168p_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:97168p:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1002s_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1002s_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1002s_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1002s_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1002s:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1104_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1104_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1104_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1104_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1104:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1104b_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1104b_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1104b_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1104b_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1104b:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1104s_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1104s_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1104s_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1104s_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1104s:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1104sn_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1104sn_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1104sn_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1104sn_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1104sn:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1108s_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1108s_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1108s_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1108s_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1108s:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1204s-r2_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1204s-r2_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1204s-r2_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1204s-r2_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1204s-r2:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1204sn_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1204sn_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1204sn_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1204sn_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1204sn:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1204sn-r2_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1204sn-r2_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1204sn-r2_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1204sn-r2_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1204sn-r2:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1208s-r2_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1208s-r2_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1208s-r2_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1208s-r2_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1208s-r2:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1216s-r1_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1216s-r1_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1216s-r1_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1216s-r1_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1216s-r1:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1608gs_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1608gs_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1608gs_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1608gs_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1608gs:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1608sn_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1608sn_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1608sn_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1608sn_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1608sn:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1616gs_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1616gs_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1616gs_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1616gs_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1616gs:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1616sn_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1616sn_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1616sn_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1616sn_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1616sn:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

OR	cpe:2.3:o:cdatatec:fd8000_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd8000_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd8000_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd8000_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd8000:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2020-21437	An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. By default, the appliance can be managed remotely only with HTTP, telnet, and SNMP. It doesn't support SSL/TLS for HTTP or SSH. An attacker can intercept passwords sent in cleartext and conduct man-in-the-middle attacks on the management of the appliance.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00125.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html

History

No history.

Subscriptions

Cdatatec 72408a 72408a Firmware 9008a 9008a Firmware 9016a 9016a Firmware 92408a 92408a Firmware 92416a 92416a Firmware 9288 9288 Firmware 97016 97016 Firmware 97024p 97024p Firmware 97028p 97028p Firmware 97042p 97042p Firmware 97084p 97084p Firmware 97168p 97168p Firmware Fd1002s Fd1002s Firmware Fd1104 Fd1104 Firmware Fd1104b Fd1104b Firmware Fd1104s Fd1104s Firmware Fd1104sn Fd1104sn Firmware Fd1108s Fd1108s Firmware Fd1204s-r2 Fd1204s-r2 Firmware Fd1204sn Fd1204sn-r2 Fd1204sn-r2 Firmware Fd1204sn Firmware Fd1208s-r2 Fd1208s-r2 Firmware Fd1216s-r1 Fd1216s-r1 Firmware Fd1608gs Fd1608gs Firmware Fd1608sn Fd1608sn Firmware Fd1616gs Fd1616gs Firmware Fd1616sn Fd1616sn Firmware Fd8000 Fd8000 Firmware

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-11-24T21:00:57.000Z

Updated: 2024-08-04T16:48:01.586Z

Reserved: 2020-11-24T00:00:00.000Z

Link: CVE-2020-29055

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-11-24T21:15:11.727

Modified: 2024-11-21T05:23:36.103

Link: CVE-2020-29055

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-319

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object