CVE-2020-6091 - OpenCVE

An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Epson	Eb-1470ui Eb-1470ui Firmware

Configuration 1 [-]

AND

cpe:2.3:h:epson:eb-1470ui:-:*:*:*:*:*:*:*

cpe:2.3:o:epson:eb-1470ui_firmware:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://epson.com/support/wa00907
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1011

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2020-05-22T13:53:08

Updated: 2024-08-04T08:47:41.029Z

Reserved: 2020-01-07T00:00:00

Link: CVE-2020-6091

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-05-22T14:15:12.107

Modified: 2022-04-28T19:15:19.597

Link: CVE-2020-6091

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Epson", "vendor": "n/a", "versions": [{"status": "affected", "version": "Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303"}]}], "descriptions": [{"lang": "en", "value": "An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-19T15:15:51", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1011"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://epson.com/support/wa00907"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2020-6091", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Epson", "version": {"version_data": [{"version_value": "Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability."}]}, "impact": {"cvss": {"baseScore": 9.8, "baseSeverity": "Critical", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"}]}]}, "references": {"reference_data": [{"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1011", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1011"}, {"name": "https://epson.com/support/wa00907", "refsource": "CONFIRM", "url": "https://epson.com/support/wa00907"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:47:41.029Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1011"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://epson.com/support/wa00907"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2020-6091", "datePublished": "2020-05-22T13:53:08", "dateReserved": "2020-01-07T00:00:00", "dateUpdated": "2024-08-04T08:47:41.029Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:epson:eb-1470ui:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E9C519E-0D7E-469A-8AFB-F93EABD62F86", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:epson:eb-1470ui_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF0D2F95-2B8B-40E7-BC71-5E5F475CF4B3", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n explotable en la funcionalidad ESPON Web Control de Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. Una serie especialmente dise\u00f1ada de peticiones HTTP puede causar una omisi\u00f3n de autenticaci\u00f3n, resultando en una divulgaci\u00f3n de informaci\u00f3n. Un atacante puede enviar una petici\u00f3n HTTP para activar esta vulnerabilidad."}], "id": "CVE-2020-6091", "lastModified": "2022-04-28T19:15:19.597", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-22T14:15:12.107", "references": [{"source": "talos-cna@cisco.com", "url": "https://epson.com/support/wa00907"}, {"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1011"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-288"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}