CVE-2020-28331 - OpenCVE

Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Barco	Wepresent Wipg-1600w Firmware Wepresent Wipg-1600w

Configuration 1 [-]

AND

cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:2.5.1.8:*:*:*:*:*:*:*

cpe:2.3:h:barco:wepresent_wipg-1600w:-:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/160162/Barco-wePresent-Undocumented-SSH-Interface.html	Third Party Advisory VDB Entry
https://korelogic.com/Resources/Advisories/KL-001-2020-007.txt	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-11-24T17:38:53

Updated: 2020-11-24T17:40:09

Reserved: 2020-11-06T00:00:00

Link: CVE-2020-28331

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-11-24T18:15:12.127

Modified: 2022-07-12T17:42:04.277

Link: CVE-2020-28331

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-24T17:40:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/160162/Barco-wePresent-Undocumented-SSH-Interface.html"}, {"tags": ["x_refsource_MISC"], "url": "https://korelogic.com/Resources/Advisories/KL-001-2020-007.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-28331", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/160162/Barco-wePresent-Undocumented-SSH-Interface.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/160162/Barco-wePresent-Undocumented-SSH-Interface.html"}, {"name": "https://korelogic.com/Resources/Advisories/KL-001-2020-007.txt", "refsource": "MISC", "url": "https://korelogic.com/Resources/Advisories/KL-001-2020-007.txt"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-28331", "datePublished": "2020-11-24T17:38:53", "dateReserved": "2020-11-06T00:00:00", "dateUpdated": "2020-11-24T17:40:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:2.5.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "FB2D35A0-E5B5-4A4F-911F-7621CAD17BE6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:barco:wepresent_wipg-1600w:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6EDF943-F79F-4729-A15C-BEDFDAC42EA3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots."}, {"lang": "es", "value": "Los dispositivos Barco wePresent WiPG-1600W presentan un Control de Acceso Inapropiado. Versi\u00f3n(es) afectada(s): 2.5.1.8. El dispositivo Barco wePresent WiPG-1600W presenta un demonio SSH incluido en la imagen del firmware. Por defecto, el demonio SSH est\u00e1 desactivado y no se inicia al arrancar el sistema. Los scripts de inicializaci\u00f3n del sistema leen una variable de archivo de configuraci\u00f3n del dispositivo para visualizar si el demonio SSH debe ser iniciado. La interfaz web no proporciona una capacidad visible para alterar esta variable de archivo de configuraci\u00f3n. Sin embargo, un actor malicioso puede incluir esta variable en una POST de modo que el demonio SSH sea reiniciado cuando se inicie el dispositivo."}], "id": "CVE-2020-28331", "lastModified": "2022-07-12T17:42:04.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-24T18:15:12.127", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/160162/Barco-wePresent-Undocumented-SSH-Interface.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://korelogic.com/Resources/Advisories/KL-001-2020-007.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}