CWE-489
Active Debug Code
The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.
CVE-2017-5259 (GCVE-0-2017-5259)
Vulnerability from cvelistv5
- CWE-489 - (Leftover Debug Code)
Vendor | Product | Version
---|---|---
Cambium Networks | cnPilot | 4.3.2-R4 and prior
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:55:35.778Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "cnPilot", "vendor": "Cambium Networks", "versions": [ { "status": "affected", "version": "4.3.2-R4 and prior" } ] } ], "datePublic": "2017-12-20T00:00:00", "descriptions": [ { "lang": "en", "value": "In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://\u003cdevice-ip-or-hostname\u003e/adm/syscmd.asp." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-489", "description": "CWE-489 (Leftover Debug Code)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-20T21:57:01", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@rapid7.com", "ID": "CVE-2017-5259", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "cnPilot", "version": { "version_data": [ { "version_value": "4.3.2-R4 and prior" } ] } } ] }, "vendor_name": "Cambium Networks" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://\u003cdevice-ip-or-hostname\u003e/adm/syscmd.asp." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-489 (Leftover Debug Code)" } ] } ] }, "references": { "reference_data": [ { "name": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/", "refsource": "MISC", "url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2017-5259", "datePublished": "2017-12-20T22:00:00", "dateReserved": "2017-01-09T00:00:00", "dateUpdated": "2024-08-05T14:55:35.778Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-5454 (GCVE-0-2018-5454)
Vulnerability from cvelistv5
- CWE-489 - LEFTOVER DEBUG CODE
Vendor | Product | Version
---|---|---
Philips | Philips IntelliSpace Portal | 8.0.x, 7.0.x
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:33:44.323Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security" }, { "name": "103182", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103182" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Philips IntelliSpace Portal", "vendor": "Philips", "versions": [ { "status": "affected", "version": "8.0.x" }, { "status": "affected", "version": "7.0.x" } ] } ], "datePublic": "2018-02-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-489", "description": "LEFTOVER DEBUG CODE CWE-489", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-03-27T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security" }, { "name": "103182", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103182" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-02-27T00:00:00", "ID": "CVE-2018-5454", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Philips IntelliSpace Portal", "version": { "version_data": [ { "version_value": "8.0.x" }, { "version_value": "7.0.x" } ] } } ] }, "vendor_name": "Philips" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "LEFTOVER DEBUG CODE CWE-489" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security", "refsource": "CONFIRM", "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security" }, { "name": "103182", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103182" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-5454", "datePublished": "2018-03-26T14:00:00Z", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2024-09-16T16:57:42.535Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-10939 (GCVE-0-2019-10939)
Vulnerability from cvelistv5
- CWE-489 - Active Debug Code
Vendor | Product | Version
---|---|---
Siemens AG | TIM 3V-IE (incl. SIPLUS NET variants) | All versions < V2.8
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:40:15.402Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-359303.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "TIM 3V-IE (incl. SIPLUS NET variants)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c V2.8" } ] }, { "product": "TIM 3V-IE Advanced (incl. SIPLUS NET variants)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c V2.8" } ] }, { "product": "TIM 3V-IE DNP3 (incl. SIPLUS NET variants)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3" } ] }, { "product": "TIM 4R-IE (incl. SIPLUS NET variants)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c V2.8" } ] }, { "product": "TIM 4R-IE DNP3 (incl. SIPLUS NET variants)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions \u003c V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions \u003c V2.8), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.3), TIM 4R-IE (incl. SIPLUS NET variants) (All versions \u003c V2.8), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.3). The affected versions contain an open debug port that is available under certain specific conditions. The vulnerability is only available if the IP address is configured to 192.168.1.2. If available, the debug port could be exploited by an attacker with network access to the device. No user interaction is required to exploit this vulnerability. 
The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-489", "description": "CWE-489: Active Debug Code", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-14T19:50:54", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-359303.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-10939", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "TIM 3V-IE (incl. SIPLUS NET variants)", "version": { "version_data": [ { "version_value": "All versions \u003c V2.8" } ] } }, { "product_name": "TIM 3V-IE Advanced (incl. SIPLUS NET variants)", "version": { "version_data": [ { "version_value": "All versions \u003c V2.8" } ] } }, { "product_name": "TIM 3V-IE DNP3 (incl. SIPLUS NET variants)", "version": { "version_data": [ { "version_value": "All versions \u003c V3.3" } ] } }, { "product_name": "TIM 4R-IE (incl. SIPLUS NET variants)", "version": { "version_data": [ { "version_value": "All versions \u003c V2.8" } ] } }, { "product_name": "TIM 4R-IE DNP3 (incl. SIPLUS NET variants)", "version": { "version_data": [ { "version_value": "All versions \u003c V3.3" } ] } } ] }, "vendor_name": "Siemens AG" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions \u003c V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions \u003c V2.8), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.3), TIM 4R-IE (incl. 
SIPLUS NET variants) (All versions \u003c V2.8), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.3). The affected versions contain an open debug port that is available under certain specific conditions. The vulnerability is only available if the IP address is configured to 192.168.1.2. If available, the debug port could be exploited by an attacker with network access to the device. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-489: Active Debug Code" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-359303.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-359303.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-10939", "datePublished": "2020-04-14T19:50:54", "dateReserved": "2019-04-08T00:00:00", "dateUpdated": "2024-08-04T22:40:15.402Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-25156 (GCVE-0-2020-25156)
Vulnerability from cvelistv5
- CWE-489 - Active Debug Code
Vendor | Product | Version
---|---|---
B. Braun Melsungen AG | SpaceCom | unspecified <, unspecified <
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:26:09.778Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-25156", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-16T17:29:43.063614Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-16T17:55:34.722Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "SpaceCom", "vendor": "B. Braun Melsungen AG", "versions": [ { "lessThanOrEqual": "U61", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "L81", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Battery pack with Wi-Fi", "vendor": "B. Braun Melsungen AG", "versions": [ { "lessThanOrEqual": "U61", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "L81", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Data module compactplus", "vendor": "B. Braun Melsungen AG", "versions": [ { "status": "affected", "version": "A10" }, { "status": "affected", "version": "A11" } ] } ], "credits": [ { "lang": "en", "value": "Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. 
Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices)." } ], "descriptions": [ { "lang": "en", "value": "Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-489", "description": "CWE-489: Active Debug Code", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-14T20:05:53.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html" } ], "solutions": [ { "lang": "en", "value": "B. Braun recommends applying updates:\n\n SpaceCom: Version U62 or later (United States), L82 or later (outside the United States)\n Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States)\n Data module compactplus: Version A12 or later\n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. 
https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html\n" } ], "source": { "discovery": "EXTERNAL" }, "title": "B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus", "workarounds": [ { "lang": "en", "value": "As a general security measure, B. Braun recommends protecting the network with appropriate mechanisms:\n\n Ensure the devices are not accessible directly from the Internet.\n Use a firewall and isolate the medical devices from the business network. \n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html" } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-25156", "STATE": "PUBLIC", "TITLE": "B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SpaceCom", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "U61" }, { "version_affected": "\u003c=", "version_value": "L81" } ] } }, { "product_name": "Battery pack with Wi-Fi", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "U61" }, { "version_affected": "\u003c=", "version_value": "L81" } ] } }, { "product_name": "Data module compactplus", "version": { "version_data": [ { "version_affected": "=", "version_value": "A10" }, { "version_affected": "=", "version_value": "A11" } ] } } ] }, "vendor_name": "B. Braun Melsungen AG" } ] } }, "credit": [ { "lang": "eng", "value": "Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. 
Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices)." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-489: Active Debug Code" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02" }, { "name": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html", "refsource": "CONFIRM", "url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html" } ] }, "solution": [ { "lang": "en", "value": "B. Braun recommends applying updates:\n\n SpaceCom: Version U62 or later (United States), L82 or later (outside the United States)\n Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States)\n Data module compactplus: Version A12 or later\n\nPlease contact your local B. 
Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html\n" } ], "source": { "discovery": "EXTERNAL" }, "work_around": [ { "lang": "en", "value": "As a general security measure, B. Braun recommends protecting the network with appropriate mechanisms:\n\n Ensure the devices are not accessible directly from the Internet.\n Use a firewall and isolate the medical devices from the business network. \n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html" } ] } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-25156", "datePublished": "2022-04-14T20:05:53.000Z", "dateReserved": "2020-09-04T00:00:00.000Z", "dateUpdated": "2025-04-16T17:55:34.722Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-5756 (GCVE-0-2020-5756)
Vulnerability from cvelistv5
Vendor | Product | Version
---|---|---
Tenable | Grandstream GWN7000 | Versions 1.0.9.4 and below
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:39:25.704Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2020-41" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Grandstream GWN7000", "vendor": "Tenable", "versions": [ { "status": "affected", "version": "Versions 1.0.9.4 and below" } ] } ], "descriptions": [ { "lang": "en", "value": "Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system\u0027s crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-489", "description": "CWE-489", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-17T20:16:27", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tenable.com/security/research/tra-2020-41" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2020-5756", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Grandstream GWN7000", "version": { "version_data": [ { "version_value": "Versions 1.0.9.4 and below" } ] } } ] }, "vendor_name": "Tenable" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system\u0027s crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-489" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2020-41", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/research/tra-2020-41" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2020-5756", "datePublished": "2020-07-17T20:16:27", "dateReserved": "2020-01-06T00:00:00", "dateUpdated": "2024-08-04T08:39:25.704Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-5763 (GCVE-0-2020-5763)
Vulnerability from cvelistv5
Vendor | Product | Version
---|---|---
n/a | Grandstream HT800 Series | Versions 1.0.17.5 and below
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:39:25.821Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2020-43" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2020-47" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Grandstream HT800 Series", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Versions 1.0.17.5 and below" } ] } ], "descriptions": [ { "lang": "en", "value": "Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-489", "description": "CWE-489", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-29T19:06:11", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2020-43" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2020-47" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2020-5763", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Grandstream HT800 Series", "version": { "version_data": [ { "version_value": "Versions 1.0.17.5 and below" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. 
An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-489" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2020-43", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2020-43" }, { "name": "https://www.tenable.com/security/research/tra-2020-47", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2020-47" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2020-5763", "datePublished": "2020-07-29T18:51:50", "dateReserved": "2020-01-06T00:00:00", "dateUpdated": "2024-08-04T08:39:25.821Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-8320 (GCVE-0-2020-8320)
Vulnerability from cvelistv5
- CWE-489 - Leftover Debug Code
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:56:28.434Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo thanks Avery Mosher at SkySafe Inc." } ], "datePublic": "2020-06-09T00:00:00", "descriptions": [ { "lang": "en", "value": "An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-489", "description": "CWE-489 Leftover Debug Code", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-09T19:50:34", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ], "solutions": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042." 
} ], "source": { "advisory": "LEN-30042", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2020-06-09T18:00:00.000Z", "ID": "CVE-2020-8320", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIOS", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo thanks Avery Mosher at SkySafe Inc." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-489 Leftover Debug Code" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/us/en/product_security/LEN-30042", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ] }, "solution": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042." 
} ], "source": { "advisory": "LEN-30042", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2020-8320", "datePublished": "2020-06-09T19:50:34.958967Z", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-09-16T17:33:07.639Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-8477 (GCVE-0-2020-8477)
Vulnerability from cvelistv5
Vendor | Product | Version
---|---|---
ABB | System 800xA Information Manager | 5 <, 6.0 <, 6.1 < 6.1*
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:03:46.221Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "System 800xA Information Manager", "vendor": "ABB", "versions": [ { "lessThanOrEqual": "5.1", "status": "affected", "version": "5", "versionType": "custom" }, { "lessThanOrEqual": "6.0.3.2", "status": "affected", "version": "6.0", "versionType": "custom" }, { "lessThan": "6.1*", "status": "affected", "version": "6.1", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-489", "description": "CWE-489 Leftover Debug Code", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-22T14:46:23", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ], "source": { "discovery": "UNKNOWN" }, "title": "ABB System 800xA Information Manager Remote Code Execution", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@ch.abb.com", "ID": "CVE-2020-8477", "STATE": "PUBLIC", "TITLE": "ABB System 800xA Information Manager Remote Code Execution" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "System 800xA Information Manager", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "5", "version_value": "5.1" }, { "version_affected": "\u003c=", "version_name": "6.0", "version_value": "6.0.3.2" }, { "version_affected": "\u003e=", "version_name": "6.1", "version_value": "6.1" } ] } } ] }, "vendor_name": "ABB" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 
6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)" } ] }, { "description": [ { "lang": "eng", "value": "CWE-489 Leftover Debug Code" } ] } ] }, "references": { "reference_data": [ { "name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch", "refsource": "MISC", "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2020-8477", "datePublished": "2020-04-22T14:46:23", "dateReserved": "2020-01-30T00:00:00", "dateUpdated": "2024-08-04T10:03:46.221Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-1381 (GCVE-0-2021-1381)
Vulnerability from cvelistv5
Vendor | Product | Version
---|---|---
Cisco | Cisco IOS XE Software | Version: n/a
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:11:16.981Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210324 Cisco IOS XE Software Active Debug Code Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-BLKH-Ouvrnf2s" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1381", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:19:28.351905Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:31:08.089Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco IOS XE Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-03-24T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could exploit this vulnerability by running commands on the hardware platform to open a debugging console. A successful exploit could allow the attacker to access a debugging console." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-489", "description": "CWE-489", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-24T20:20:20", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210324 Cisco IOS XE Software Active Debug Code Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-BLKH-Ouvrnf2s" } ], "source": { "advisory": "cisco-sa-XE-BLKH-Ouvrnf2s", "defect": [ [ "CSCvu78908" ] ], "discovery": "INTERNAL" }, "title": "Cisco IOS XE Software Active Debug Code Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-03-24T16:00:00", "ID": "CVE-2021-1381", "STATE": "PUBLIC", "TITLE": "Cisco IOS XE Software Active Debug Code Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco IOS XE Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. 
An attacker could exploit this vulnerability by running commands on the hardware platform to open a debugging console. A successful exploit could allow the attacker to access a debugging console." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "6.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-489" } ] } ] }, "references": { "reference_data": [ { "name": "20210324 Cisco IOS XE Software Active Debug Code Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-BLKH-Ouvrnf2s" } ] }, "source": { "advisory": "cisco-sa-XE-BLKH-Ouvrnf2s", "defect": [ [ "CSCvu78908" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1381", "datePublished": "2021-03-24T20:20:21.002833Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:31:08.089Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-1391 (GCVE-0-2021-1391)
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:11:16.887Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210324 Cisco IOS and IOS XE Software Privilege Escalation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-FSM-Yj8qJbJc" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1391", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:47:44.292211Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:32:55.538Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco IOS", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-03-24T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by bypassing the consent token mechanism with the residual scripts on the affected device. A successful exploit could allow the attacker to escalate from privilege level 15 to root privilege." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-489", "description": "CWE-489", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-24T20:07:23", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210324 Cisco IOS and IOS XE Software Privilege Escalation Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-FSM-Yj8qJbJc" } ], "source": { "advisory": "cisco-sa-XE-FSM-Yj8qJbJc", "defect": [ [ "CSCvu58308" ] ], "discovery": "INTERNAL" }, "title": "Cisco IOS and IOS XE Software Privilege Escalation Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-03-24T16:00:00", "ID": "CVE-2021-1391", "STATE": "PUBLIC", "TITLE": "Cisco IOS and IOS XE Software Privilege Escalation Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco IOS", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. 
An attacker could exploit this vulnerability by bypassing the consent token mechanism with the residual scripts on the affected device. A successful exploit could allow the attacker to escalate from privilege level 15 to root privilege." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "5.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-489" } ] } ] }, "references": { "reference_data": [ { "name": "20210324 Cisco IOS and IOS XE Software Privilege Escalation Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-FSM-Yj8qJbJc" } ] }, "source": { "advisory": "cisco-sa-XE-FSM-Yj8qJbJc", "defect": [ [ "CSCvu58308" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1391", "datePublished": "2021-03-24T20:07:23.552405Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:32:55.538Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation
Phases: Build and Compilation, Distribution
Description:
- Remove debug code before deploying the application.
CAPEC-121: Exploit Non-Production Interfaces
An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable.
CAPEC-661: Root/Jailbreak Detection Evasion via Debugging
An adversary inserts a debugger into the program entry point of a mobile application to modify the application binary, with the goal of evading Root/Jailbreak detection. Mobile device users often Root/Jailbreak their devices in order to gain administrative control over the mobile operating system and/or to install third-party mobile applications that are not provided by authorized application stores (e.g. Google Play Store and Apple App Store). Rooting/Jailbreaking a mobile device also provides users with access to system debuggers and disassemblers, which can be leveraged to exploit applications by dumping the application's memory at runtime in order to remove or bypass signature verification methods. This further allows the adversary to evade Root/Jailbreak detection mechanisms, which can result in execution of administrative commands, obtaining confidential data, impersonating legitimate users of the application, and more.