CVE-2020-26155 - OpenCVE

Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Utimaco	Block-safe Firmware Paymentserver Firmware Cryptoserver Cp5 Firmware Securityserver Firmware Cryptoserver Cp5 Vs-nfd Firmware Paymentserver Hybrid Firmware
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:o:utimaco:block-safe_firmware:2.0.0:::::::*
	cpe:2.3:o:utimaco:block-safe_firmware:3.0.0:::::::*
	cpe:2.3:o:utimaco:cryptoserver_cp5_firmware:5.0.0.0:::::::*
	cpe:2.3:o:utimaco:cryptoserver_cp5_firmware:5.1.0.0:::::::*
	cpe:2.3:o:utimaco:cryptoserver_cp5_vs-nfd_firmware:5.1.0.0:::::::*
	cpe:2.3:o:utimaco:paymentserver_firmware::::::::
	cpe:2.3:o:utimaco:paymentserver_hybrid_firmware::::::::
	cpe:2.3:o:utimaco:securityserver_firmware::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://hsm.utimaco.com/products-hardware-security-modules/general-purpose-hsm/	Exploit Vendor Advisory
https://secureyourit.co.uk/wp/2021/03/13/utimaco-cve-2020-26155/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-03-18T16:17:01

Updated: 2021-03-18T16:17:01

Reserved: 2020-09-30T00:00:00

Link: CVE-2020-26155

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-03-18T17:15:13.353

Modified: 2022-06-28T14:11:45.273

Link: CVE-2020-26155

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-03-18T16:17:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hsm.utimaco.com/products-hardware-security-modules/general-purpose-hsm/"}, {"tags": ["x_refsource_MISC"], "url": "https://secureyourit.co.uk/wp/2021/03/13/utimaco-cve-2020-26155/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26155", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://hsm.utimaco.com/products-hardware-security-modules/general-purpose-hsm/", "refsource": "MISC", "url": "https://hsm.utimaco.com/products-hardware-security-modules/general-purpose-hsm/"}, {"name": "https://secureyourit.co.uk/wp/2021/03/13/utimaco-cve-2020-26155/", "refsource": "MISC", "url": "https://secureyourit.co.uk/wp/2021/03/13/utimaco-cve-2020-26155/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26155", "datePublished": "2021-03-18T16:17:01", "dateReserved": "2020-09-30T00:00:00", "dateUpdated": "2021-03-18T16:17:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:utimaco:block-safe_firmware:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "92B1A2DE-C6B4-48BC-A098-A757A390931B", "vulnerable": true}, {"criteria": "cpe:2.3:o:utimaco:block-safe_firmware:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C787B2A5-D094-4655-935A-5F4ED00DF204", "vulnerable": true}, {"criteria": "cpe:2.3:o:utimaco:cryptoserver_cp5_firmware:5.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "53792377-9A89-4499-AA46-7C9DFEBE7F20", "vulnerable": true}, {"criteria": "cpe:2.3:o:utimaco:cryptoserver_cp5_firmware:5.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F668ACE-65DD-44AF-B88E-256949A96E86", "vulnerable": true}, {"criteria": "cpe:2.3:o:utimaco:cryptoserver_cp5_vs-nfd_firmware:5.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC0BEC29-F2EF-45C7-A9E9-2788C40A8A39", "vulnerable": true}, {"criteria": "cpe:2.3:o:utimaco:paymentserver_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4188E0F4-035E-405D-8CA2-0430AEFEAC32", "versionEndIncluding": "4.31.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:utimaco:paymentserver_hybrid_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D66B77B-3757-46E8-BFEE-A3103BC702EA", "versionEndIncluding": "4.33.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:utimaco:securityserver_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA3F01CA-3649-49DF-B020-0C5E743487D0", "versionEndIncluding": "4.31.1", "versionStartIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack."}, {"lang": "es", "value": "M\u00faltiples archivos y carpetas en Utimaco SecurityServer versiones 4.20.0.4 y 4.31.1.0, son instalados con permisos de lectura y escritura para usuarios autenticados, permitiendo a usuarios no administradores manipular binarios. Adicionalmente, las entradas son realizadas en la variable de entorno PATH que, junto con estos permisos d\u00e9biles, podr\u00edan permitir a un atacante llevar a cabo un ataque de secuestro DLL"}], "id": "CVE-2020-26155", "lastModified": "2022-06-28T14:11:45.273", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-18T17:15:13.353", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://hsm.utimaco.com/products-hardware-security-modules/general-purpose-hsm/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://secureyourit.co.uk/wp/2021/03/13/utimaco-cve-2020-26155/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}, {"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}