Common Weakness Enumeration

CWE-203

Allowed

Observable Discrepancy

Abstraction: Base · Status: Incomplete

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

835 vulnerabilities reference this CWE, most recent first.

CVE-2020-26062 (GCVE-0-2020-26062)

Vulnerability from cvelistv5 – Published: 2024-11-18 16:06 – Updated: 2024-11-18 18:46
VLAI
Title
Cisco Integrated Management Controller Username Enumeration Vulnerability
Summary
A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Unified Computing System (Managed) Affected: 4.0(1a)
Affected: 3.2(3n)
Affected: 4.1(1a)
Affected: 4.1(1b)
Affected: 4.0(4h)
Affected: 4.1(1c)
Affected: 3.2(3k)
Affected: 3.2(2c)
Affected: 4.0(4e)
Affected: 4.0(4g)
Affected: 3.2(3i)
Affected: 4.0(2e)
Affected: 3.2(3g)
Affected: 4.0(4a)
Affected: 4.0(2d)
Affected: 3.2(2d)
Affected: 4.0(1b)
Affected: 4.0(4f)
Affected: 3.2(3h)
Affected: 3.2(2f)
Affected: 4.0(4c)
Affected: 3.2(3a)
Affected: 4.0(1c)
Affected: 3.2(3d)
Affected: 3.2(2b)
Affected: 4.0(4b)
Affected: 3.2(2e)
Affected: 4.0(2b)
Affected: 4.0(4d)
Affected: 3.2(1d)
Affected: 3.2(3e)
Affected: 3.2(3l)
Affected: 3.2(3b)
Affected: 4.0(2a)
Affected: 3.2(3j)
Affected: 4.0(1d)
Affected: 3.2(3o)
Affected: 4.0(4i)
Affected: 4.1(1d)
Affected: 4.1(2a)
Affected: 4.1(1e)
Affected: 3.2(3p)
Create a notification for this product.
cisco unified_computing_system Affected: 4.0\(1a\)
Affected: 3.2\(3n\)
Affected: 4.1\(1a\)
Affected: 4.1\(1b\)
Affected: 4.0\(4h\)
Affected: 4.1\(1c\)
Affected: 3.2\(3k\)
Affected: 3.2\(2c\)
Affected: 4.0\(4e\)
Affected: 4.0\(4g\)
Affected: 3.2\(3i\)
Affected: 4.0\(2e\)
Affected: 3.2\(3g\)
Affected: 4.0\(4a\)
Affected: 4.0\(2d\)
Affected: 3.2\(2d\)
Affected: 4.0\(1b\)
Affected: 4.0\(4f\)
Affected: 3.2\(3h\)
Affected: 3.2\(2f\)
Affected: 4.0\(4c\)
Affected: 3.2\(3a\)
Affected: 4.0\(1c\)
Affected: 3.2\(3d\)
Affected: 3.2\(2b\)
Affected: 4.0\(4b\)
Affected: 3.2\(2e\)
Affected: 4.0\(2b\)
Affected: 4.0\(4d\)
Affected: 3.2\(1d\)
Affected: 3.2\(3e\)
Affected: 3.2\(3l\)
Affected: 3.2\(3b\)
Affected: 4.0\(2a\)
Affected: 3.2\(3j\)
Affected: 4.0\(1d\)
Affected: 3.2\(3o\)
Affected: 4.0\(4i\)
Affected: 4.1\(1d\)
Affected: 4.1\(2a\)
Affected: 4.1\(1e\)
Affected: 3.2\(3p\)
    cpe:2.3:a:cisco:unified_computing_system:4.0\(1a\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:3.2\(3n\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.1\(1a\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.1\(1b\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.0\(4h\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.1\(1c\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:3.2\(3k\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:3.2\(2c\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.0\(4e\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.0\(4g\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:3.2\(3i\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.0\(2e\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:3.2\(3g\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.0\(4a\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.0\(2d\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:3.2\(2d\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.0\(1b\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.0\(4f\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:3.2\(3h\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:3.2\(2f\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.0\(4c\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:3.2\(3a\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.0\(1c\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:3.2\(3d\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:3.2\(2b\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.0\(4b\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:3.2\(2e\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.0\(2b\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.0\(4d\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:3.2\(1d\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:3.2\(3e\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:3.2\(3l\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:3.2\(3b\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.0\(2a\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:3.2\(3j\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.0\(1d\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:3.2\(3o\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.0\(4i\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.1\(1d\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.1\(2a\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:4.1\(1e\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_computing_system:3.2\(3p\):*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1a\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3n\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.1\\(1a\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.1\\(1b\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.1\\(1c\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3k\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(2c\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(2e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4a\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(2d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(2d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1b\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(2f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4c\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3a\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(2b\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4b\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(2e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(2b\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(1d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3l\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3b\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(2a\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3j\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3o\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.1\\(1d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.1\\(2a\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.1\\(1e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3p\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_computing_system",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.0\\(1a\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3n\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(1a\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(1b\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(4h\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(1c\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3k\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(2c\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(4e\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(4g\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3i\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(2e\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3g\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(4a\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(2d\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(2d\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(1b\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(4f\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3h\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(2f\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(4c\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3a\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(1c\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3d\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(2b\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(4b\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(2e\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(2b\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(4d\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(1d\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3e\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3l\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3b\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(2a\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3j\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(1d\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3o\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(4i\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(1d\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(2a\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(1e\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3p\\)"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-26062",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-18T18:39:09.926743Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-18T18:46:04.617Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Computing System (Managed)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "4.0(1a)"
            },
            {
              "status": "affected",
              "version": "3.2(3n)"
            },
            {
              "status": "affected",
              "version": "4.1(1a)"
            },
            {
              "status": "affected",
              "version": "4.1(1b)"
            },
            {
              "status": "affected",
              "version": "4.0(4h)"
            },
            {
              "status": "affected",
              "version": "4.1(1c)"
            },
            {
              "status": "affected",
              "version": "3.2(3k)"
            },
            {
              "status": "affected",
              "version": "3.2(2c)"
            },
            {
              "status": "affected",
              "version": "4.0(4e)"
            },
            {
              "status": "affected",
              "version": "4.0(4g)"
            },
            {
              "status": "affected",
              "version": "3.2(3i)"
            },
            {
              "status": "affected",
              "version": "4.0(2e)"
            },
            {
              "status": "affected",
              "version": "3.2(3g)"
            },
            {
              "status": "affected",
              "version": "4.0(4a)"
            },
            {
              "status": "affected",
              "version": "4.0(2d)"
            },
            {
              "status": "affected",
              "version": "3.2(2d)"
            },
            {
              "status": "affected",
              "version": "4.0(1b)"
            },
            {
              "status": "affected",
              "version": "4.0(4f)"
            },
            {
              "status": "affected",
              "version": "3.2(3h)"
            },
            {
              "status": "affected",
              "version": "3.2(2f)"
            },
            {
              "status": "affected",
              "version": "4.0(4c)"
            },
            {
              "status": "affected",
              "version": "3.2(3a)"
            },
            {
              "status": "affected",
              "version": "4.0(1c)"
            },
            {
              "status": "affected",
              "version": "3.2(3d)"
            },
            {
              "status": "affected",
              "version": "3.2(2b)"
            },
            {
              "status": "affected",
              "version": "4.0(4b)"
            },
            {
              "status": "affected",
              "version": "3.2(2e)"
            },
            {
              "status": "affected",
              "version": "4.0(2b)"
            },
            {
              "status": "affected",
              "version": "4.0(4d)"
            },
            {
              "status": "affected",
              "version": "3.2(1d)"
            },
            {
              "status": "affected",
              "version": "3.2(3e)"
            },
            {
              "status": "affected",
              "version": "3.2(3l)"
            },
            {
              "status": "affected",
              "version": "3.2(3b)"
            },
            {
              "status": "affected",
              "version": "4.0(2a)"
            },
            {
              "status": "affected",
              "version": "3.2(3j)"
            },
            {
              "status": "affected",
              "version": "4.0(1d)"
            },
            {
              "status": "affected",
              "version": "3.2(3o)"
            },
            {
              "status": "affected",
              "version": "4.0(4i)"
            },
            {
              "status": "affected",
              "version": "4.1(1d)"
            },
            {
              "status": "affected",
              "version": "4.1(2a)"
            },
            {
              "status": "affected",
              "version": "4.1(1e)"
            },
            {
              "status": "affected",
              "version": "3.2(3p)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco\u0026nbsp;Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application.\r\nThe vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/RL:X/RC:X/E:X",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "Observable Discrepancy",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-18T16:06:00.592Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cimc-enum-CyheP3B7",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-enum-CyheP3B7"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cimc-enum-CyheP3B7",
        "defects": [
          "CSCvv07275"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Integrated Management Controller Username Enumeration Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-26062",
    "datePublished": "2024-11-18T16:06:00.592Z",
    "dateReserved": "2020-09-24T00:00:00.000Z",
    "dateUpdated": "2024-11-18T18:46:04.617Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15237 (GCVE-0-2020-15237)

Vulnerability from cvelistv5 – Published: 2020-10-05 18:30 – Updated: 2024-08-04 13:08
VLAI
Title
Timing attack in Shrine
Summary
In Shrine before version 3.3.0, when using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. The problem has been fixed by comparing sent and calculated signature in constant time, using `Rack::Utils.secure_compare`. Users using the `derivation_endpoint` plugin are urged to upgrade to Shrine 3.3.0 or greater. A possible workaround is provided in the linked advisory.
CWE
  • CWE-208 - {"CWE-208":"Observable Timing Discrepancy"}
  • CWE-203 - {"CWE-203":"Observable Differences in Behavior to Error Inputs"}
Assigner
References
Impacted products
Vendor Product Version
shrinerb shrine Affected: < 3.3.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:22.833Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/shrinerb/shrine/security/advisories/GHSA-5jjv-x4fq-qjwp"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/shrinerb/shrine/commit/1b27090ce31543bf39f186c20ea47c8250fca2f0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "shrine",
          "vendor": "shrinerb",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Shrine before version 3.3.0, when using the `derivation_endpoint` plugin, it\u0027s possible for the attacker to use a timing attack to guess the signature of the derivation URL. The problem has been fixed by comparing sent and calculated signature in constant time, using `Rack::Utils.secure_compare`. Users using the `derivation_endpoint` plugin are urged to upgrade to Shrine 3.3.0 or greater. A possible workaround is provided in the linked advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-208",
              "description": "{\"CWE-208\":\"Observable Timing Discrepancy\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "{\"CWE-203\":\"Observable Differences in Behavior to Error Inputs\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-05T18:30:13.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/shrinerb/shrine/security/advisories/GHSA-5jjv-x4fq-qjwp"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/shrinerb/shrine/commit/1b27090ce31543bf39f186c20ea47c8250fca2f0"
        }
      ],
      "source": {
        "advisory": "GHSA-5jjv-x4fq-qjwp",
        "discovery": "UNKNOWN"
      },
      "title": "Timing attack in Shrine",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15237",
          "STATE": "PUBLIC",
          "TITLE": "Timing attack in Shrine"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "shrine",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 3.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "shrinerb"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Shrine before version 3.3.0, when using the `derivation_endpoint` plugin, it\u0027s possible for the attacker to use a timing attack to guess the signature of the derivation URL. The problem has been fixed by comparing sent and calculated signature in constant time, using `Rack::Utils.secure_compare`. Users using the `derivation_endpoint` plugin are urged to upgrade to Shrine 3.3.0 or greater. A possible workaround is provided in the linked advisory."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-208\":\"Observable Timing Discrepancy\"}"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-203\":\"Observable Differences in Behavior to Error Inputs\"}"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/shrinerb/shrine/security/advisories/GHSA-5jjv-x4fq-qjwp",
              "refsource": "CONFIRM",
              "url": "https://github.com/shrinerb/shrine/security/advisories/GHSA-5jjv-x4fq-qjwp"
            },
            {
              "name": "https://github.com/shrinerb/shrine/commit/1b27090ce31543bf39f186c20ea47c8250fca2f0",
              "refsource": "MISC",
              "url": "https://github.com/shrinerb/shrine/commit/1b27090ce31543bf39f186c20ea47c8250fca2f0"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-5jjv-x4fq-qjwp",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15237",
    "datePublished": "2020-10-05T18:30:14.000Z",
    "dateReserved": "2020-06-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:08:22.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15151 (GCVE-0-2020-15151)

Vulnerability from cvelistv5 – Published: 2020-08-19 18:10 – Updated: 2024-08-04 13:08
VLAI
Title
Observable Timing Discrepancy in OpenMage LTS
Summary
OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2.
CWE
  • CWE-203 - {"CWE-203":"Observable Discrepancy"}
Assigner
Impacted products
Vendor Product Version
OpenMage magento-lts Affected: < 19.4.6"
Affected: >= 20.0.0, < 20.0.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:22.288Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-crf2-xm6x-46p6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/OpenMage/magento-lts/commit/7c526bc6a6a51b57a1bab4c60f104dc36cde347a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "magento-lts",
          "vendor": "OpenMage",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 19.4.6\""
            },
            {
              "status": "affected",
              "version": "\u003e= 20.0.0, \u003c 20.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe\u0027s CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "{\"CWE-203\":\"Observable Discrepancy\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-19T18:10:13.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-crf2-xm6x-46p6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OpenMage/magento-lts/commit/7c526bc6a6a51b57a1bab4c60f104dc36cde347a"
        }
      ],
      "source": {
        "advisory": "GHSA-crf2-xm6x-46p6",
        "discovery": "UNKNOWN"
      },
      "title": "Observable Timing Discrepancy in OpenMage LTS",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15151",
          "STATE": "PUBLIC",
          "TITLE": "Observable Timing Discrepancy in OpenMage LTS"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "magento-lts",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 19.4.6\""
                          },
                          {
                            "version_value": "\u003e= 20.0.0, \u003c 20.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenMage"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe\u0027s CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-203\":\"Observable Discrepancy\"}"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-crf2-xm6x-46p6",
              "refsource": "CONFIRM",
              "url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-crf2-xm6x-46p6"
            },
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb20-47.html",
              "refsource": "MISC",
              "url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html"
            },
            {
              "name": "https://github.com/OpenMage/magento-lts/commit/7c526bc6a6a51b57a1bab4c60f104dc36cde347a",
              "refsource": "MISC",
              "url": "https://github.com/OpenMage/magento-lts/commit/7c526bc6a6a51b57a1bab4c60f104dc36cde347a"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-crf2-xm6x-46p6",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15151",
    "datePublished": "2020-08-19T18:10:13.000Z",
    "dateReserved": "2020-06-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:08:22.288Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-5143 (GCVE-0-2020-5143)

Vulnerability from cvelistv5 – Published: 2020-10-12 10:40 – Updated: 2024-08-04 08:22
VLAI
Summary
SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
Severity
No CVSS data available.
CWE
  • CWE-203 - Observable Differences in Behavior to Error Inputs
Assigner
References
Impacted products
Vendor Product Version
SonicWall SonicOS Affected: SonicOS 6.5.4.7-79n and earlier
Affected: SonicOS 5.9.1.7-2n and earlier
Affected: SonicOS 5.9.1.13-5n and earlier
Affected: SonicOS 6.5.1.11-4n and earlier
Affected: SonicOS 6.0.5.3-93o and earlier
Affected: SonicOSv 6.5.4.4-44v-21-794 and earlier
Affected: SonicOS 7.0.0.0-1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:22:08.901Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0018"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SonicOS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "SonicOS 6.5.4.7-79n and earlier"
            },
            {
              "status": "affected",
              "version": "SonicOS 5.9.1.7-2n and earlier"
            },
            {
              "status": "affected",
              "version": "SonicOS 5.9.1.13-5n and earlier"
            },
            {
              "status": "affected",
              "version": "SonicOS 6.5.1.11-4n and earlier"
            },
            {
              "status": "affected",
              "version": "SonicOS 6.0.5.3-93o and earlier"
            },
            {
              "status": "affected",
              "version": "SonicOSv 6.5.4.4-44v-21-794 and earlier"
            },
            {
              "status": "affected",
              "version": "SonicOS 7.0.0.0-1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203: Observable Differences in Behavior to Error Inputs",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-12T10:40:32.000Z",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0018"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT@sonicwall.com",
          "ID": "CVE-2020-5143",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SonicOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SonicOS 6.5.4.7-79n and earlier"
                          },
                          {
                            "version_value": "SonicOS 5.9.1.7-2n and earlier"
                          },
                          {
                            "version_value": "SonicOS 5.9.1.13-5n and earlier"
                          },
                          {
                            "version_value": "SonicOS 6.5.1.11-4n and earlier"
                          },
                          {
                            "version_value": "SonicOS 6.0.5.3-93o and earlier"
                          },
                          {
                            "version_value": "SonicOSv 6.5.4.4-44v-21-794 and earlier"
                          },
                          {
                            "version_value": "SonicOS 7.0.0.0-1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SonicWall"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-203: Observable Differences in Behavior to Error Inputs"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0018",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0018"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2020-5143",
    "datePublished": "2020-10-12T10:40:32.000Z",
    "dateReserved": "2019-12-31T00:00:00.000Z",
    "dateUpdated": "2024-08-04T08:22:08.901Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-3585 (GCVE-0-2020-3585)

Vulnerability from cvelistv5 – Published: 2020-10-21 18:37 – Updated: 2024-11-13 17:47
VLAI
Title
Cisco Firepower 1000 Series Bleichenbacher Attack Vulnerability
Summary
A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper implementation of countermeasures against the Bleichenbacher attack for cipher suites that rely on RSA for key exchange. An attacker could exploit this vulnerability by sending crafted TLS messages to the device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device. To exploit this vulnerability, an attacker must be able to perform both of the following actions: Capture TLS traffic that is in transit between clients and the affected device Actively establish a considerable number of TLS connections to the affected device
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Date Public
2020-10-21 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:37:55.574Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20201021 Cisco Firepower 1000 Series Bleichenbacher Attack Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-tls-bb-2g9uWkP"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3585",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T17:12:19.819378Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T17:47:47.904Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Adaptive Security Appliance (ASA) Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-10-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper implementation of countermeasures against the Bleichenbacher attack for cipher suites that rely on RSA for key exchange. An attacker could exploit this vulnerability by sending crafted TLS messages to the device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device. To exploit this vulnerability, an attacker must be able to perform both of the following actions: Capture TLS traffic that is in transit between clients and the affected device Actively establish a considerable number of TLS connections to the affected device"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-21T18:37:02.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20201021 Cisco Firepower 1000 Series Bleichenbacher Attack Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-tls-bb-2g9uWkP"
        }
      ],
      "source": {
        "advisory": "cisco-sa-asaftd-tls-bb-2g9uWkP",
        "defect": [
          [
            "CSCvv13993"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Firepower 1000 Series Bleichenbacher Attack Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-10-21T16:00:00",
          "ID": "CVE-2020-3585",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Firepower 1000 Series Bleichenbacher Attack Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Adaptive Security Appliance (ASA) Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper implementation of countermeasures against the Bleichenbacher attack for cipher suites that rely on RSA for key exchange. An attacker could exploit this vulnerability by sending crafted TLS messages to the device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device. To exploit this vulnerability, an attacker must be able to perform both of the following actions: Capture TLS traffic that is in transit between clients and the affected device Actively establish a considerable number of TLS connections to the affected device"
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-203"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20201021 Cisco Firepower 1000 Series Bleichenbacher Attack Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-tls-bb-2g9uWkP"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-asaftd-tls-bb-2g9uWkP",
          "defect": [
            [
              "CSCvv13993"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3585",
    "datePublished": "2020-10-21T18:37:03.053Z",
    "dateReserved": "2019-12-12T00:00:00.000Z",
    "dateUpdated": "2024-11-13T17:47:47.904Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-1685 (GCVE-0-2020-1685)

Vulnerability from cvelistv5 – Published: 2020-10-16 20:31 – Updated: 2024-09-16 20:12
VLAI
Title
Junos OS: EX4600, QFX5K Series: Stateless firewall filter matching 'user-vlan-id' will cause incomplete discard action
Summary
When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the discard action will fail to discard traffic under certain conditions. Given a firewall filter configuration similar to: family ethernet-switching { filter L2-VLAN { term ALLOW { from { user-vlan-id 100; } then { accept; } } term NON-MATCH { then { discard; } } when there is only one term containing a 'user-vlan-id' match condition, and no other terms in the firewall filter except discard, the discard action for non-matching traffic will only discard traffic with the same VLAN ID specified under 'user-vlan-id'. Other traffic (e.g. VLAN ID 200) will not be discarded. This unexpected behavior can lead to unintended traffic passing through the interface where the firewall filter is applied. This issue only affects systems using VXLANs. This issue affects Juniper Networks Junos OS on QFX5K Series: 18.1 versions prior to 18.1R3-S7, except 18.1R3; 18.2 versions prior to 18.2R2-S7, 18.2R3-S1; 18.3 versions prior to 18.3R1-S5, 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S1, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2.
CWE
  • CWE-203 - Information Exposure Through Discrepancy
Assigner
References
URL Tags
https://kb.juniper.net/JSA11082 x_refsource_CONFIRM
Impacted products
Vendor Product Version
Juniper Networks Junos OS Unaffected: 18.1R3
Affected: 18.1 , < 18.1R3-S7 (custom)
Affected: 18.2 , < 18.2R2-S7, 18.2R3-S1 (custom)
Affected: 18.3 , < 18.3R1-S5, 18.3R2-S4, 18.3R3 (custom)
Affected: 18.4 , < 18.4R1-S7, 18.4R2-S1, 18.4R3 (custom)
Affected: 19.1 , < 19.1R1-S5, 19.1R2 (custom)
Affected: 19.2 , < 19.2R1-S5, 19.2R2 (custom)
Create a notification for this product.
Date Public
2020-10-14 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:46:29.658Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11082"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "EX4600, QFX5K Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "18.1R3"
            },
            {
              "lessThan": "18.1R3-S7",
              "status": "affected",
              "version": "18.1",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2R2-S7, 18.2R3-S1",
              "status": "affected",
              "version": "18.2",
              "versionType": "custom"
            },
            {
              "lessThan": "18.3R1-S5, 18.3R2-S4, 18.3R3",
              "status": "affected",
              "version": "18.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.4R1-S7, 18.4R2-S1, 18.4R3",
              "status": "affected",
              "version": "18.4",
              "versionType": "custom"
            },
            {
              "lessThan": "19.1R1-S5, 19.1R2",
              "status": "affected",
              "version": "19.1",
              "versionType": "custom"
            },
            {
              "lessThan": "19.2R1-S5, 19.2R2",
              "status": "affected",
              "version": "19.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "A sample VXLAN configuration is shown below:\n\n evpn {\n    encapsulation vxlan;\n  }"
        }
      ],
      "datePublic": "2020-10-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the discard action will fail to discard traffic under certain conditions. Given a firewall filter configuration similar to: family ethernet-switching { filter L2-VLAN { term ALLOW { from { user-vlan-id 100; } then { accept; } } term NON-MATCH { then { discard; } } when there is only one term containing a \u0027user-vlan-id\u0027 match condition, and no other terms in the firewall filter except discard, the discard action for non-matching traffic will only discard traffic with the same VLAN ID specified under \u0027user-vlan-id\u0027. Other traffic (e.g. VLAN ID 200) will not be discarded. This unexpected behavior can lead to unintended traffic passing through the interface where the firewall filter is applied. This issue only affects systems using VXLANs. This issue affects Juniper Networks Junos OS on QFX5K Series: 18.1 versions prior to 18.1R3-S7, except 18.1R3; 18.2 versions prior to 18.2R2-S7, 18.2R3-S1; 18.3 versions prior to 18.3R1-S5, 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S1, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203 Information Exposure Through Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-16T20:31:36.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA11082"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: Junos OS 18.1R3-S7, 18.2R2-S7, 18.2R3-S1, 18.3R1-S5, 18.3R2-S4, 18.3R3, 18.4R1-S7, 18.4R2-S1, 18.4R3, 19.1R1-S5, 19.1R2, 19.2R1-S5, 19.2R2, 19.3R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11082",
        "defect": [
          "1446489"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Junos OS: EX4600, QFX5K Series: Stateless firewall filter matching \u0027user-vlan-id\u0027 will cause incomplete discard action",
      "workarounds": [
        {
          "lang": "en",
          "value": "Avoid using the user-vlan-id match criteria."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
          "ID": "CVE-2020-1685",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: EX4600, QFX5K Series: Stateless firewall filter matching \u0027user-vlan-id\u0027 will cause incomplete discard action"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "EX4600, QFX5K Series",
                            "version_affected": "\u003c",
                            "version_name": "18.1",
                            "version_value": "18.1R3-S7"
                          },
                          {
                            "platform": "EX4600, QFX5K Series",
                            "version_affected": "\u003c",
                            "version_name": "18.2",
                            "version_value": "18.2R2-S7, 18.2R3-S1"
                          },
                          {
                            "platform": "EX4600, QFX5K Series",
                            "version_affected": "\u003c",
                            "version_name": "18.3",
                            "version_value": "18.3R1-S5, 18.3R2-S4, 18.3R3"
                          },
                          {
                            "platform": "EX4600, QFX5K Series",
                            "version_affected": "\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R1-S7, 18.4R2-S1, 18.4R3"
                          },
                          {
                            "platform": "EX4600, QFX5K Series",
                            "version_affected": "\u003c",
                            "version_name": "19.1",
                            "version_value": "19.1R1-S5, 19.1R2"
                          },
                          {
                            "platform": "EX4600, QFX5K Series",
                            "version_affected": "\u003c",
                            "version_name": "19.2",
                            "version_value": "19.2R1-S5, 19.2R2"
                          },
                          {
                            "platform": "EX4600, QFX5K Series",
                            "version_affected": "!",
                            "version_value": "18.1R3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "A sample VXLAN configuration is shown below:\n\n evpn {\n    encapsulation vxlan;\n  }"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the discard action will fail to discard traffic under certain conditions. Given a firewall filter configuration similar to: family ethernet-switching { filter L2-VLAN { term ALLOW { from { user-vlan-id 100; } then { accept; } } term NON-MATCH { then { discard; } } when there is only one term containing a \u0027user-vlan-id\u0027 match condition, and no other terms in the firewall filter except discard, the discard action for non-matching traffic will only discard traffic with the same VLAN ID specified under \u0027user-vlan-id\u0027. Other traffic (e.g. VLAN ID 200) will not be discarded. This unexpected behavior can lead to unintended traffic passing through the interface where the firewall filter is applied. This issue only affects systems using VXLANs. This issue affects Juniper Networks Junos OS on QFX5K Series: 18.1 versions prior to 18.1R3-S7, except 18.1R3; 18.2 versions prior to 18.2R2-S7, 18.2R3-S1; 18.3 versions prior to 18.3R1-S5, 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S1, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-203 Information Exposure Through Discrepancy"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11082",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA11082"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: Junos OS 18.1R3-S7, 18.2R2-S7, 18.2R3-S1, 18.3R1-S5, 18.3R2-S4, 18.3R3, 18.4R1-S7, 18.4R2-S1, 18.4R3, 19.1R1-S5, 19.1R2, 19.2R1-S5, 19.2R2, 19.3R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11082",
          "defect": [
            "1446489"
          ],
          "discovery": "INTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Avoid using the user-vlan-id match criteria."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2020-1685",
    "datePublished": "2020-10-16T20:31:36.745Z",
    "dateReserved": "2019-11-04T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:12:52.364Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-25337 (GCVE-0-2019-25337)

Vulnerability from cvelistv5 – Published: 2026-02-12 22:48 – Updated: 2026-07-15 01:23
VLAI
Title
OwnCloud 8.1.8 - Username Disclosure
Summary
OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user information.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
OwnCloud OwnCloud Affected: 8.1.8
Create a notification for this product.
Date Public
2019-11-29 00:00
Credits
Daniel Moreno
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-25337",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-13T17:11:48.395531Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-13T17:11:58.109Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OwnCloud",
          "vendor": "OwnCloud",
          "versions": [
            {
              "status": "affected",
              "version": "8.1.8"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:owncloud:owncloud:8.1.8:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Daniel Moreno"
        }
      ],
      "datePublic": "2019-11-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user information."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "Observable Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-15T01:23:49.810Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-47745",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/47745"
        },
        {
          "name": "OwnCloud Official Homepage",
          "tags": [
            "product"
          ],
          "url": "https://owncloud.org/"
        },
        {
          "name": "OwnCloud Software Download Repository",
          "tags": [
            "product"
          ],
          "url": "https://ftp.icm.edu.pl/packages/owncloud/"
        },
        {
          "name": "VulnCheck Advisory: OwnCloud 8.1.8 - Username Disclosure",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/owncloud-username-disclosure"
        }
      ],
      "title": "OwnCloud 8.1.8 - Username Disclosure",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2019-25337",
    "datePublished": "2026-02-12T22:48:45.879Z",
    "dateReserved": "2026-02-12T14:45:41.569Z",
    "dateUpdated": "2026-07-15T01:23:49.810Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2019-19338 (GCVE-0-2019-19338)

Vulnerability from cvelistv5 – Published: 2020-07-13 16:04 – Updated: 2024-08-05 02:16
VLAI
Summary
A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.
Assigner
Impacted products
Vendor Product Version
[UNKNOWN] Linux Kernel Affected: before 5.5
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:16:46.895Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2019/12/10/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19338"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux Kernel",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "before 5.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has \u0027TSX\u0027 enabled. Confidentiality of data is the highest threat associated with this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-385",
              "description": "CWE-385",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-13T16:04:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2019/12/10/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19338"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-19338",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Linux Kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 5.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "[UNKNOWN]"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has \u0027TSX\u0027 enabled. Confidentiality of data is the highest threat associated with this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-385"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-203"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openwall.com/lists/oss-security/2019/12/10/3",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2019/12/10/3"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19338",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19338"
            },
            {
              "name": "https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort",
              "refsource": "MISC",
              "url": "https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-19338",
    "datePublished": "2020-07-13T16:04:00.000Z",
    "dateReserved": "2019-11-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:16:46.895Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16869 (GCVE-0-2018-16869)

Vulnerability from cvelistv5 – Published: 2018-12-03 14:00 – Updated: 2024-08-05 10:32
VLAI
Summary
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
CWE
Assigner
References
Impacted products
Vendor Product Version
[UNKNOWN] nettle Affected: n/a
Create a notification for this product.
Date Public
2018-11-30 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:32:54.115Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106092",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106092"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://cat.eyalro.net/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nettle",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-11-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-04T18:00:57.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "106092",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106092"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://cat.eyalro.net/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-16869",
    "datePublished": "2018-12-03T14:00:00.000Z",
    "dateReserved": "2018-09-11T00:00:00.000Z",
    "dateUpdated": "2024-08-05T10:32:54.115Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16868 (GCVE-0-2018-16868)

Vulnerability from cvelistv5 – Published: 2018-12-03 14:00 – Updated: 2024-08-05 10:32
VLAI
Summary
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
CWE
Assigner
References
Impacted products
Vendor Product Version
[UNKNOWN] gnutls Affected: n/a
Create a notification for this product.
Date Public
2018-11-30 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:32:54.146Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106080",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106080"
          },
          {
            "name": "openSUSE-SU-2019:1353",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html"
          },
          {
            "name": "openSUSE-SU-2019:1477",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://cat.eyalro.net/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "gnutls",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-11-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-04T18:00:57.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "106080",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106080"
        },
        {
          "name": "openSUSE-SU-2019:1353",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html"
        },
        {
          "name": "openSUSE-SU-2019:1477",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://cat.eyalro.net/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-16868",
    "datePublished": "2018-12-03T14:00:00.000Z",
    "dateReserved": "2018-09-11T00:00:00.000Z",
    "dateUpdated": "2024-08-05T10:32:54.146Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
Implementation
  • Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
  • If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
  • Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering

An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.