CVE-2020-16280

Published: Aug 20, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plaintext including credentials of users for several external facing administrative services, domain joined users, and local administrators. To exploit the vulnerability a local attacker must have access to the underlying operating system.

Affected (1)

Products: Rangee: Rangeeos

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rangee Rangeeos	Version 8.0.4

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://www.contextis.com/en/resources/advisories/cve-2020-16280

Source: cve@mitre.org

Third Party Advisory

https://www.contextis.com/en/resources/advisories/cve-2020-16280

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.