CVE-2020-27184 - OpenCVE

The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Moxa	Nport Ia5450a Nport Ia5450a Firmware Nport Ia5150a Nport Ia5150a Firmware Nport Ia5250a Nport Ia5250a Firmware

Configuration 1 [-]

AND

cpe:2.3:o:moxa:nport_ia5150a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:nport_ia5150a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:moxa:nport_ia5250a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:nport_ia5250a:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:moxa:nport_ia5450a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:nport_ia5450a:-:*:*:*:*:*:*:*

References

Link	Resource
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-020%2C
https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Kaspersky

Published: 2021-05-14T12:06:15

Updated: 2021-05-14T12:06:15

Reserved: 2020-10-16T00:00:00

Link: CVE-2020-27184

JSON object: View

NVD Information

Status : Modified

Published: 2021-05-14T13:15:07.297

Modified: 2023-11-07T03:20:50.540

Link: CVE-2020-27184

JSON object: View

Redhat Information

No data.

CWE

CWE-319

{"containers": {"cna": {"affected": [{"product": "NPort IA5000A Series with Telnet enabled", "vendor": "n/a", "versions": [{"status": "affected", "version": "All versions"}]}], "descriptions": [{"lang": "en", "value": "The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks."}], "problemTypes": [{"descriptions": [{"description": "Cleartext Transmission of Sensitive Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-14T12:06:15", "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-020%2C"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerability@kaspersky.com", "ID": "CVE-2020-27184", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NPort IA5000A Series with Telnet enabled", "version": {"version_data": [{"version_value": "All versions"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cleartext Transmission of Sensitive Information"}]}]}, "references": {"reference_data": [{"name": "https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities", "refsource": "MISC", "url": "https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities"}, {"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-020,", "refsource": "MISC", "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-020,"}]}}}}, "cveMetadata": {"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "assignerShortName": "Kaspersky", "cveId": "CVE-2020-27184", "datePublished": "2021-05-14T12:06:15", "dateReserved": "2020-10-16T00:00:00", "dateUpdated": "2021-05-14T12:06:15", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:nport_ia5150a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E529D705-C625-4FFC-AC48-FE2CFE32922D", "versionEndIncluding": "1.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:nport_ia5150a:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBA01711-3023-4961-872F-5DB4792C13C3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:nport_ia5250a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD9AF3B1-D1A2-450C-9D29-30CC95DAC558", "versionEndIncluding": "1.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:nport_ia5250a:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C7805EF-B929-4DB3-9D68-FEBCD0B69781", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:nport_ia5450a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3575CF6C-0E61-4527-8D8B-F7C7A46F0FAC", "versionEndIncluding": "1.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:nport_ia5450a:-:*:*:*:*:*:*:*", "matchCriteriaId": "D377FBAC-FF5B-4DFB-9ECA-4D148AFE0CDE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks."}, {"lang": "es", "value": "Los dispositivos de la serie NPort IA5000A usan Telnet como uno de los servicios de administraci\u00f3n de dispositivos de red. Telnet no soporta el cifrado de las comunicaciones cliente-servidor, haci\u00e9ndolo vulnerable a ataques de tipo Man-in-the-Middle"}], "id": "CVE-2020-27184", "lastModified": "2023-11-07T03:20:50.540", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-14T13:15:07.297", "references": [{"source": "vulnerability@kaspersky.com", "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-020%2C"}, {"source": "vulnerability@kaspersky.com", "tags": ["Vendor Advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities"}], "sourceIdentifier": "vulnerability@kaspersky.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}