CVE-2020-3928 - Vulnerability Details

Vendors	Products
Usavisionsys	Geovision Gv-as1010 Geovision Gv-as1010 Firmware Geovision Gv-as210 Geovision Gv-as210 Firmware Geovision Gv-as410 Geovision Gv-as410 Firmware Geovision Gv-as810 Geovision Gv-as810 Firmware Geovision Gv-gf192x Geovision Gv-gf192x Firmware

Link	Providers
https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Door Access Control Device", "vendor": "GeoVision", "versions": [{"lessThanOrEqual": "2.21", "status": "affected", "version": "GV-AS210", "versionType": "custom"}, {"lessThanOrEqual": "2.21", "status": "affected", "version": "GV-AS410", "versionType": "custom"}, {"lessThanOrEqual": "2.21", "status": "affected", "version": "GV-AS810", "versionType": "custom"}, {"lessThanOrEqual": "1.10", "status": "affected", "version": "GV-GF192x", "versionType": "custom"}, {"lessThanOrEqual": "1.32", "status": "affected", "version": "GV-AS1010", "versionType": "custom"}]}], "datePublic": "2020-06-12T00:00:00", "descriptions": [{"lang": "en", "value": "GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Hardcoded privileged password", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-12T08:25:22", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"}], "solutions": [{"lang": "en", "value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"}], "source": {"discovery": "UNKNOWN"}, "title": "GeoVision Door Access Control Device - Hardcoded privileged password", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2020-06-12T08:00:00.000Z", "ID": "CVE-2020-3928", "STATE": "PUBLIC", "TITLE": "GeoVision Door Access Control Device - Hardcoded privileged password"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Door Access Control Device", "version": {"version_data": [{"version_affected": "<=", "version_name": "GV-AS210", "version_value": "2.21"}, {"version_affected": "<=", "version_name": "GV-AS410", "version_value": "2.21"}, {"version_affected": "<=", "version_name": "GV-AS810", "version_value": "2.21"}, {"version_affected": "<=", "version_name": "GV-GF192x", "version_value": "1.10"}, {"version_affected": "<=", "version_name": "GV-AS1010", "version_value": "1.32"}]}}]}, "vendor_name": "GeoVision"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Hardcoded privileged password"}]}]}, "references": {"reference_data": [{"name": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"}]}, "solution": [{"lang": "en", "value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"}], "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:52:19.776Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"}]}]}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2020-3928", "datePublished": "2020-06-12T08:25:23.055079Z", "dateReserved": "2019-12-20T00:00:00", "dateUpdated": "2024-09-17T01:21:32.177Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Door Access Control Device (string)

vendor : GeoVision (string)

versions : [ »

0 : { »

lessThanOrEqual : 2.21 (string)

status : affected (string)

version : GV-AS210 (string)

versionType : custom (string)

}

1 : { »

lessThanOrEqual : 2.21 (string)

status : affected (string)

version : GV-AS410 (string)

versionType : custom (string)

}

2 : { »

lessThanOrEqual : 2.21 (string)

status : affected (string)

version : GV-AS810 (string)

versionType : custom (string)

}

3 : { »

lessThanOrEqual : 1.10 (string)

status : affected (string)

version : GV-GF192x (string)

versionType : custom (string)

}

4 : { »

lessThanOrEqual : 1.32 (string)

status : affected (string)

version : GV-AS1010 (string)

versionType : custom (string)

}

]

}

]

datePublic : 2020-06-12T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 6.2 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Hardcoded privileged password (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-06-12T08:25:22 (string)

orgId : cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e (string)

shortName : twcert (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

value : Update to version 2.22 in GV-AS210 Update to version 2.22 in GV-AS410 Update to version 2.22 in GV-AS810 Update to version 1.22 in GV-GF192x Update to version 1.33 in GV-AS1010 (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

title : GeoVision Door Access Control Device - Hardcoded privileged password (string)

x_generator : { »

engine : Vulnogram 0.0.9 (string)

}

x_legacyV4Record : { »

CVE_data_meta : { »

AKA : TWCERT/CC (string)

ASSIGNER : cve@cert.org.tw (string)

DATE_PUBLIC : 2020-06-12T08:00:00.000Z (string)

ID : CVE-2020-3928 (string)

STATE : PUBLIC (string)

TITLE : GeoVision Door Access Control Device - Hardcoded privileged password (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Door Access Control Device (string)

version : { »

version_data : [ »

0 : { »

version_affected : <= (string)

version_name : GV-AS210 (string)

version_value : 2.21 (string)

}

1 : { »

version_affected : <= (string)

version_name : GV-AS410 (string)

version_value : 2.21 (string)

}

2 : { »

version_affected : <= (string)

version_name : GV-AS810 (string)

version_value : 2.21 (string)

}

3 : { »

version_affected : <= (string)

version_name : GV-GF192x (string)

version_value : 1.10 (string)

}

4 : { »

version_affected : <= (string)

version_name : GV-AS1010 (string)

version_value : 1.32 (string)

}

]

}

]

}

vendor_name : GeoVision (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices. (string)

}

]

}

generator : { »

engine : Vulnogram 0.0.9 (string)

}

impact : { »

cvss : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 6.2 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Hardcoded privileged password (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html (string)

refsource : MISC (string)

url : https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html (string)

}

]

}

solution : [ »

0 : { »

lang : en (string)

value : Update to version 2.22 in GV-AS210 Update to version 2.22 in GV-AS410 Update to version 2.22 in GV-AS810 Update to version 1.22 in GV-GF192x Update to version 1.33 in GV-AS1010 (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T07:52:19.776Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e (string)

assignerShortName : twcert (string)

cveId : CVE-2020-3928 (string)

datePublished : 2020-06-12T08:25:23.055079Z (string)

dateReserved : 2019-12-20T00:00:00 (string)

dateUpdated : 2024-09-17T01:21:32.177Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:usavisionsys:geovision_gv-as210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2480CC4C-F807-45F1-81EA-B285AF76F4B5", "versionEndExcluding": "2.21", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:usavisionsys:geovision_gv-as210:-:*:*:*:*:*:*:*", "matchCriteriaId": "769CD421-6EAB-405A-AE7B-9792A0AA6505", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:usavisionsys:geovision_gv-as410_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE2ED4E6-EF78-4316-BC93-DA9612353C05", "versionEndExcluding": "2.21", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:usavisionsys:geovision_gv-as410:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B1FD8AD-82E4-43E7-87BE-5EBD5FC3F7FC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:usavisionsys:geovision_gv-as810_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C6FDC61-7A54-465D-86D1-D6A77A06DF41", "versionEndExcluding": "2.21", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:usavisionsys:geovision_gv-as810:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBF997D8-2BD1-4D02-94E3-AC127F5793DE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:usavisionsys:geovision_gv-as1010_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "55ED99A6-AB97-4FBA-884C-2C341AD61DDF", "versionEndExcluding": "1.32", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:usavisionsys:geovision_gv-as1010:-:*:*:*:*:*:*:*", "matchCriteriaId": "86F92B38-DE28-4D9F-B3C4-A7E383619E24", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:usavisionsys:geovision_gv-gf192x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED3D5C9C-C65D-4E3B-B4E9-BA6A4AAA8256", "versionEndExcluding": "1.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:usavisionsys:geovision_gv-gf192x:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A6C15EC-B6F9-4EE1-89D0-3B2D1A8DB803", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices."}, {"lang": "es", "value": "La familia de dispositivos GeoVision Door Access Control es embebida con una contrase\u00f1a root, que adopta una contrase\u00f1a id\u00e9ntica en todos los dispositivos"}], "id": "CVE-2020-3928", "lastModified": "2024-11-21T05:31:58.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "twcert@cert.org.tw", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-12T09:15:10.287", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:usavisionsys:geovision_gv-as210_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 2480CC4C-F807-45F1-81EA-B285AF76F4B5 (string)

versionEndExcluding : 2.21 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:usavisionsys:geovision_gv-as210:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 769CD421-6EAB-405A-AE7B-9792A0AA6505 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:usavisionsys:geovision_gv-as410_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : FE2ED4E6-EF78-4316-BC93-DA9612353C05 (string)

versionEndExcluding : 2.21 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:usavisionsys:geovision_gv-as410:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 6B1FD8AD-82E4-43E7-87BE-5EBD5FC3F7FC (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:usavisionsys:geovision_gv-as810_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 5C6FDC61-7A54-465D-86D1-D6A77A06DF41 (string)

versionEndExcluding : 2.21 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:usavisionsys:geovision_gv-as810:-:*:*:*:*:*:*:* (string)

matchCriteriaId : FBF997D8-2BD1-4D02-94E3-AC127F5793DE (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:usavisionsys:geovision_gv-as1010_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 55ED99A6-AB97-4FBA-884C-2C341AD61DDF (string)

versionEndExcluding : 1.32 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:usavisionsys:geovision_gv-as1010:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 86F92B38-DE28-4D9F-B3C4-A7E383619E24 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:usavisionsys:geovision_gv-gf192x_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : ED3D5C9C-C65D-4E3B-B4E9-BA6A4AAA8256 (string)

versionEndExcluding : 1.10 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:usavisionsys:geovision_gv-gf192x:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 0A6C15EC-B6F9-4EE1-89D0-3B2D1A8DB803 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices. (string)

}

1 : { »

lang : es (string)

value : La familia de dispositivos GeoVision Door Access Control es embebida con una contraseña root, que adopta una contraseña idéntica en todos los dispositivos (string)

}

]

id : CVE-2020-3928 (string)

lastModified : 2024-11-21T05:31:58.607 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 10 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:L/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 6.2 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.5 (number)

impactScore : 3.6 (number)

source : twcert@cert.org.tw (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-06-12T09:15:10.287 (string)

references : [ »

0 : { »

source : twcert@cert.org.tw (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html (string)

}

]

sourceIdentifier : twcert@cert.org.tw (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-798 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object