CVE-2020-21994 - OpenCVE

AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ave	Ts05 Ts03x-v Firmware Dominaplus Ts01 Ts05n-v Firmware Ts05 Firmware Ts04x-v Ts05n-v 53ab-wbs Firmware 53ab-wbs Ts04x-v Firmware Ts01 Firmware Ts03x-v

Configuration 1 [-]

cpe:2.3:a:ave:dominaplus:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ave:53ab-wbs_firmware:1.10.62:*:*:*:*:*:*:*

cpe:2.3:h:ave:53ab-wbs:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ave:ts01_firmware:1.0.65:*:*:*:*:*:*:*

cpe:2.3:h:ave:ts01:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:ave:ts03x-v_firmware:1.10.45a:*:*:*:*:*:*:*

cpe:2.3:h:ave:ts03x-v:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:ave:ts04x-v_firmware:1.10.45a:*:*:*:*:*:*:*

cpe:2.3:h:ave:ts04x-v:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:ave:ts05_firmware:1.10.36:*:*:*:*:*:*:*

cpe:2.3:h:ave:ts05:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:ave:ts05n-v_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ave:ts05n-v:-:*:*:*:*:*:*:*

References

Link	Resource
https://cwe.mitre.org/data/definitions/522.html	Technical Description
https://www.exploit-db.com/exploits/47819	Exploit Third Party Advisory VDB Entry
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5550.php	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-04-28T14:50:56

Updated: 2022-07-10T20:18:36

Reserved: 2020-08-13T00:00:00

Link: CVE-2020-21994

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-04-28T15:15:07.917

Modified: 2022-10-26T15:15:08.737

Link: CVE-2020-21994

JSON object: View

Redhat Information

No data.

CWE

CWE-522

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-10T20:18:36", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5550.php"}, {"name": "Exploit Database", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/47819"}, {"tags": ["x_refsource_MISC"], "url": "https://cwe.mitre.org/data/definitions/522.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-21994", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5550.php", "refsource": "MISC", "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5550.php"}, {"name": "Exploit Database", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/47819"}, {"name": "https://cwe.mitre.org/data/definitions/522.html", "refsource": "MISC", "url": "https://cwe.mitre.org/data/definitions/522.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-21994", "datePublished": "2021-04-28T14:50:56", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2022-07-10T20:18:36", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ave:dominaplus:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3B569E4-349B-4FE1-B430-B313A019E028", "versionEndIncluding": "1.10.77", "versionStartIncluding": "1.10.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ave:53ab-wbs_firmware:1.10.62:*:*:*:*:*:*:*", "matchCriteriaId": "51CC92CB-942B-4BE1-BEFE-57A71DAF7D50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ave:53ab-wbs:-:*:*:*:*:*:*:*", "matchCriteriaId": "171FD211-CB91-4123-99F4-12C19D68EEAF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ave:ts01_firmware:1.0.65:*:*:*:*:*:*:*", "matchCriteriaId": "2AE9FCB9-DE6F-44B1-9433-02D7CDF88DA5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ave:ts01:-:*:*:*:*:*:*:*", "matchCriteriaId": "064E7673-1221-4142-A57F-001EDBAAEB6C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ave:ts03x-v_firmware:1.10.45a:*:*:*:*:*:*:*", "matchCriteriaId": "F31ABD8E-0CF3-4CE3-B8EF-8C46A7353457", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ave:ts03x-v:-:*:*:*:*:*:*:*", "matchCriteriaId": "B20A9921-50C8-4954-A8B4-B43D32678695", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ave:ts04x-v_firmware:1.10.45a:*:*:*:*:*:*:*", "matchCriteriaId": "9B777067-9710-4D28-9A5B-F0A4FF7D09AA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ave:ts04x-v:-:*:*:*:*:*:*:*", "matchCriteriaId": "88A2B318-3DA2-491B-9A6C-BAEC0E10D185", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ave:ts05_firmware:1.10.36:*:*:*:*:*:*:*", "matchCriteriaId": "7636D17E-6E48-409B-82BC-1E9C00B426F0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ave:ts05:-:*:*:*:*:*:*:*", "matchCriteriaId": "42DDCD50-D9C6-4515-8AFD-0FAD983D00C0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ave:ts05n-v_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8F9D39B-6F67-47EF-BB2C-86FBCD84D76C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ave:ts05n-v:-:*:*:*:*:*:*:*", "matchCriteriaId": "73DFB4EC-EB30-4041-AB29-4000D5E2B29A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack."}, {"lang": "es", "value": "AVE DOMINAplus versiones anteriores a 1.10.x incluy\u00e9ndola, sufre una vulnerabilidad de divulgaci\u00f3n de credenciales de texto plano que permite a un atacante no autenticado enviar una petici\u00f3n hacia un directorio desprotegido que aloja un archivo XML \"/xml/authClients.xml\" y obtener informaci\u00f3n de inicio de sesi\u00f3n administrativa que permite una ataque de omisi\u00f3n de autenticaci\u00f3n con \u00e9xito"}], "id": "CVE-2020-21994", "lastModified": "2022-10-26T15:15:08.737", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-28T15:15:07.917", "references": [{"source": "cve@mitre.org", "tags": ["Technical Description"], "url": "https://cwe.mitre.org/data/definitions/522.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/47819"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5550.php"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}