CVE-2020-24056 - OpenCVE

A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Verint	S5120fd Firmware 5620ptz 4320 Firmware S5120fd 4320 5620ptz Firmware

Configuration 1 [-]

AND

cpe:2.3:o:verint:5620ptz_firmware:verint_fw_0_42:*:*:*:*:*:*:*

cpe:2.3:h:verint:5620ptz:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:verint:4320_firmware:v4320_fw_0_23:::::::*
	cpe:2.3:o:verint:4320_firmware:v4320_fw_0_31:::::::*

cpe:2.3:h:verint:4320:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:verint:s5120fd_firmware:verint_fw_0_42units:*:*:*:*:*:*:*

cpe:2.3:h:verint:s5120fd:-:*:*:*:*:*:*:*

References

Link	Resource
https://ioac.tv/2Nbc40h	Exploit Third Party Advisory
https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-08-21T14:30:26

Updated: 2020-08-21T14:30:26

Reserved: 2020-08-13T00:00:00

Link: CVE-2020-24056

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-08-21T15:15:13.133

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-24056

JSON object: View

Redhat Information

No data.

CWE

CWE-798

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:verint:5620ptz_firmware:verint_fw_0_42:*:*:*:*:*:*:*", "matchCriteriaId": "0D07363C-3EAD-4C7F-8ADC-BF73F5CCF65C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:verint:5620ptz:-:*:*:*:*:*:*:*", "matchCriteriaId": "06A52C58-EDF6-45B8-8E36-8A5A1652A34C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:verint:4320_firmware:v4320_fw_0_23:*:*:*:*:*:*:*", "matchCriteriaId": "A8BA0DE6-30CB-451B-ADA5-9C20A96D4553", "vulnerable": true}, {"criteria": "cpe:2.3:o:verint:4320_firmware:v4320_fw_0_31:*:*:*:*:*:*:*", "matchCriteriaId": "C2321668-6D76-48C2-8E30-DE5D0CCBAF05", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:verint:4320:-:*:*:*:*:*:*:*", "matchCriteriaId": "86528E55-7890-4B44-AA62-7A6927B9E738", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:verint:s5120fd_firmware:verint_fw_0_42units:*:*:*:*:*:*:*", "matchCriteriaId": "EE4479AA-9C2F-4976-9A34-0E07EC9294A8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:verint:s5120fd:-:*:*:*:*:*:*:*", "matchCriteriaId": "F892B51D-CCFE-4458-9450-C1A934337CDF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de credenciales embebidas en las unidades Verint 5620PTZ versi\u00f3n Verint_FW_0_42, Verint 4320 versiones V4320_FW_0_23, V4320_FW_0_31 y Verint S5120FD versi\u00f3n Verint_FW_0_42. Esto podr\u00eda causar un problema de confidencialidad al usar los protocolos FTP, Telnet o SSH."}], "id": "CVE-2020-24056", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-21T15:15:13.133", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://ioac.tv/2Nbc40h"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}