CVE-2020-5384 - OpenCVE

Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rsa	Multifactor Authentication Agent

Configuration 1 [-]

cpe:2.3:a:rsa:multifactor_authentication_agent:2.0:*:*:*:*:windows:*:*

No data.

References

Link	Providers
https://community.rsa.com/docs/DOC-113541

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2020-07-31T17:45:14.625407Z

Updated: 2024-09-16T23:30:37.701Z

Reserved: 2020-01-03T00:00:00

Link: CVE-2020-5384

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-07-31T18:15:15.723

Modified: 2020-08-11T17:29:43.503

Link: CVE-2020-5384

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "RSA Authentication Agent for Microsoft Windows", "vendor": "Dell", "versions": [{"lessThan": "2.0.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2020-07-31T00:00:00", "descriptions": [{"lang": "en", "value": "Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-07-31T17:45:14", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://community.rsa.com/docs/DOC-113541"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2020-07-31", "ID": "CVE-2020-5384", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "RSA Authentication Agent for Microsoft Windows", "version": {"version_data": [{"version_affected": "<", "version_value": "2.0.1"}]}}]}, "vendor_name": "Dell"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system."}]}, "impact": {"cvss": {"baseScore": 8.4, "baseSeverity": "High", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"}]}]}, "references": {"reference_data": [{"name": "https://community.rsa.com/docs/DOC-113541", "refsource": "MISC", "url": "https://community.rsa.com/docs/DOC-113541"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:30:24.008Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.rsa.com/docs/DOC-113541"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2020-5384", "datePublished": "2020-07-31T17:45:14.625407Z", "dateReserved": "2020-01-03T00:00:00", "dateUpdated": "2024-09-16T23:30:37.701Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rsa:multifactor_authentication_agent:2.0:*:*:*:*:windows:*:*", "matchCriteriaId": "5D04CF51-F1D5-4A0E-B14C-1A2F7FDAF3AB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system."}, {"lang": "es", "value": "Una Vulnerabilidad de Omisi\u00f3n de Autenticaci\u00f3n de RSA MFA Agent versi\u00f3n 2.0 para Microsoft Windows, contiene una vulnerabilidad de Omisi\u00f3n de Autenticaci\u00f3n. Un atacante no autenticado local podr\u00eda potencialmente explotar esta vulnerabilidad mediante el uso de una ruta alterna para omitir la autenticaci\u00f3n a fin de conseguir acceso completo al sistema"}], "id": "CVE-2020-5384", "lastModified": "2020-08-11T17:29:43.503", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2020-07-31T18:15:15.723", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://community.rsa.com/docs/DOC-113541"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-288"}], "source": "security_alert@emc.com", "type": "Secondary"}]}