CVE-2020-21991 - OpenCVE

AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ave	Ts05 Ts03x-v Firmware Dominaplus Ts01 Ts05n-v Firmware Ts05 Firmware Ts04x-v Ts05n-v 53ab-wbs Firmware 53ab-wbs Ts04x-v Firmware Ts01 Firmware Ts03x-v

Configuration 1 [-]

cpe:2.3:a:ave:dominaplus:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ave:53ab-wbs_firmware:1.10.62:*:*:*:*:*:*:*

cpe:2.3:h:ave:53ab-wbs:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ave:ts01_firmware:1.0.65:*:*:*:*:*:*:*

cpe:2.3:h:ave:ts01:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:ave:ts03x-v_firmware:1.10.45a:*:*:*:*:*:*:*

cpe:2.3:h:ave:ts03x-v:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:ave:ts04x-v_firmware:1.10.45a:*:*:*:*:*:*:*

cpe:2.3:h:ave:ts04x-v:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:ave:ts05_firmware:1.10.36:*:*:*:*:*:*:*

cpe:2.3:h:ave:ts05:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:ave:ts05n-v_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ave:ts05n-v:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.exploit-db.com/exploits/47822	Exploit Third Party Advisory VDB Entry
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5549.php	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-04-28T13:58:50

Updated: 2021-04-28T13:58:50

Reserved: 2020-08-13T00:00:00

Link: CVE-2020-21991

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-04-28T14:15:07.577

Modified: 2021-05-19T19:20:31.597

Link: CVE-2020-21991

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-28T13:58:50", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5549.php"}, {"name": "Exploit Database", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/47822"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-21991", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5549.php", "refsource": "MISC", "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5549.php"}, {"name": "Exploit Database", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/47822"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-21991", "datePublished": "2021-04-28T13:58:50", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2021-04-28T13:58:50", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ave:dominaplus:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3B569E4-349B-4FE1-B430-B313A019E028", "versionEndIncluding": "1.10.77", "versionStartIncluding": "1.10.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ave:53ab-wbs_firmware:1.10.62:*:*:*:*:*:*:*", "matchCriteriaId": "51CC92CB-942B-4BE1-BEFE-57A71DAF7D50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ave:53ab-wbs:-:*:*:*:*:*:*:*", "matchCriteriaId": "171FD211-CB91-4123-99F4-12C19D68EEAF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ave:ts01_firmware:1.0.65:*:*:*:*:*:*:*", "matchCriteriaId": "2AE9FCB9-DE6F-44B1-9433-02D7CDF88DA5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ave:ts01:-:*:*:*:*:*:*:*", "matchCriteriaId": "064E7673-1221-4142-A57F-001EDBAAEB6C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ave:ts03x-v_firmware:1.10.45a:*:*:*:*:*:*:*", "matchCriteriaId": "F31ABD8E-0CF3-4CE3-B8EF-8C46A7353457", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ave:ts03x-v:-:*:*:*:*:*:*:*", "matchCriteriaId": "B20A9921-50C8-4954-A8B4-B43D32678695", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ave:ts04x-v_firmware:1.10.45a:*:*:*:*:*:*:*", "matchCriteriaId": "9B777067-9710-4D28-9A5B-F0A4FF7D09AA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ave:ts04x-v:-:*:*:*:*:*:*:*", "matchCriteriaId": "88A2B318-3DA2-491B-9A6C-BAEC0E10D185", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ave:ts05_firmware:1.10.36:*:*:*:*:*:*:*", "matchCriteriaId": "7636D17E-6E48-409B-82BC-1E9C00B426F0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ave:ts05:-:*:*:*:*:*:*:*", "matchCriteriaId": "42DDCD50-D9C6-4515-8AFD-0FAD983D00C0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ave:ts05n-v_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8F9D39B-6F67-47EF-BB2C-86FBCD84D76C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ave:ts05n-v:-:*:*:*:*:*:*:*", "matchCriteriaId": "73DFB4EC-EB30-4041-AB29-4000D5E2B29A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials."}, {"lang": "es", "value": "AVE DOMINAplus versiones anteriores a 1.10.x, sufre una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n debido a una falta de comprobaci\u00f3n de control cuando se llama directamente al par\u00e1metro GET autologin en el archivo script changeparams.php. Ajustando el valor de inicio de sesi\u00f3n autom\u00e1tico en 1 permite a un atacante no autenticado deshabilitar permanentemente el control de seguridad de autenticaci\u00f3n y acceder a la interfaz de administraci\u00f3n con privilegios de administrador sin proporcionar credenciales"}], "id": "CVE-2020-21991", "lastModified": "2021-05-19T19:20:31.597", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-28T14:15:07.577", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/47822"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5549.php"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}