CVE-2020-26508 - OpenCVE

The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Canon	Oce Colorwave 3500 Oce Colorwave 3500 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:canon:oce_colorwave_3500_firmware:5.1.1.0:*:*:*:*:*:*:*

cpe:2.3:h:canon:oce_colorwave_3500:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.syss.de/pentest-blog/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-11-16T18:49:16

Updated: 2020-11-16T18:49:16

Reserved: 2020-10-01T00:00:00

Link: CVE-2020-26508

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-11-16T19:15:13.063

Modified: 2020-12-01T13:15:48.797

Link: CVE-2020-26508

JSON object: View

Redhat Information

No data.

CWE

CWE-522

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canon:oce_colorwave_3500_firmware:5.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D8A4EF64-44F1-4C43-829D-F89D4DACAC87", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:canon:oce_colorwave_3500:-:*:*:*:*:*:*:*", "matchCriteriaId": "89AE57A6-F67D-4D86-9508-3BF989B85D51", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI."}, {"lang": "es", "value": "El componente WebTools de los dispositivos Canon Oce ColorWave 3500 versi\u00f3n 5.1.1.0, permite a atacantes recuperar las credenciales SMB almacenadas por medio de la funcionalidad export, aunque sean intencionadamente inaccesibles en la interfaz de usuario"}], "id": "CVE-2020-26508", "lastModified": "2020-12-01T13:15:48.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-16T19:15:13.063", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.syss.de/pentest-blog/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}