CVE-2020-29055

Published: Nov 24, 2020Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. By default, the appliance can be managed remotely only with HTTP, telnet, and SNMP. It doesn't support SSL/TLS for HTTP or SSH. An attacker can intercept passwords sent in cleartext and conduct man-in-the-middle attacks on the management of the appliance.

Affected (112)

Products: Cdatatec: 72408a Firmware, 9008a Firmware, 9016a Firmware, 92408a Firmware, 92416a Firmware, 9288 Firmware, 97016 Firmware, 97024p Firmware, 97028p Firmware, 97042p Firmware, 97084p Firmware, 97168p Firmware, Fd1002s Firmware, Fd1104 Firmware, Fd1104b Firmware, Fd1104s Firmware, Fd1104sn Firmware, Fd1108s Firmware, Fd1204s R2 Firmware, Fd1204sn Firmware, Fd1204sn R2 Firmware, Fd1208s R2 Firmware, Fd1216s R1 Firmware, Fd1608gs Firmware, Fd1608sn Firmware, Fd1616gs Firmware, Fd1616sn Firmware, Fd8000 Firmware

28 products

Configuration A

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec 72408a Firmware	Version 1.2.2
Cdatatec 72408a Firmware	Version 2.4.03_000
Cdatatec 72408a Firmware	Version 2.4.04_001
Cdatatec 72408a Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec 72408a	All versions

Configuration B

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec 9008a Firmware	Version 1.2.2
Cdatatec 9008a Firmware	Version 2.4.03_000
Cdatatec 9008a Firmware	Version 2.4.04_001
Cdatatec 9008a Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec 9008a	All versions

Configuration C

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec 9016a Firmware	Version 1.2.2
Cdatatec 9016a Firmware	Version 2.4.03_000
Cdatatec 9016a Firmware	Version 2.4.04_001
Cdatatec 9016a Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec 9016a	All versions

Configuration D

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec 92408a Firmware	Version 1.2.2
Cdatatec 92408a Firmware	Version 2.4.03_000
Cdatatec 92408a Firmware	Version 2.4.04_001
Cdatatec 92408a Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec 92408a	All versions

Configuration E

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec 92416a Firmware	Version 1.2.2
Cdatatec 92416a Firmware	Version 2.4.03_000
Cdatatec 92416a Firmware	Version 2.4.04_001
Cdatatec 92416a Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec 92416a	All versions

Configuration F

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec 9288 Firmware	Version 1.2.2
Cdatatec 9288 Firmware	Version 2.4.03_000
Cdatatec 9288 Firmware	Version 2.4.04_001
Cdatatec 9288 Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec 9288	All versions

Configuration G

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec 97016 Firmware	Version 1.2.2
Cdatatec 97016 Firmware	Version 2.4.03_000
Cdatatec 97016 Firmware	Version 2.4.04_001
Cdatatec 97016 Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec 97016	All versions

Configuration H

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec 97024p Firmware	Version 1.2.2
Cdatatec 97024p Firmware	Version 2.4.03_000
Cdatatec 97024p Firmware	Version 2.4.04_001
Cdatatec 97024p Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec 97024p	All versions

Configuration I

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec 97028p Firmware	Version 1.2.2
Cdatatec 97028p Firmware	Version 2.4.03_000
Cdatatec 97028p Firmware	Version 2.4.04_001
Cdatatec 97028p Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec 97028p	All versions

Configuration J

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec 97042p Firmware	Version 1.2.2
Cdatatec 97042p Firmware	Version 2.4.03_000
Cdatatec 97042p Firmware	Version 2.4.04_001
Cdatatec 97042p Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec 97042p	All versions

Configuration K

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec 97084p Firmware	Version 1.2.2
Cdatatec 97084p Firmware	Version 2.4.03_000
Cdatatec 97084p Firmware	Version 2.4.04_001
Cdatatec 97084p Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec 97084p	All versions

Configuration L

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec 97168p Firmware	Version 1.2.2
Cdatatec 97168p Firmware	Version 2.4.03_000
Cdatatec 97168p Firmware	Version 2.4.04_001
Cdatatec 97168p Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec 97168p	All versions

Configuration M

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec Fd1002s Firmware	Version 1.2.2
Cdatatec Fd1002s Firmware	Version 2.4.03_000
Cdatatec Fd1002s Firmware	Version 2.4.04_001
Cdatatec Fd1002s Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec Fd1002s	All versions

Configuration N

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec Fd1104 Firmware	Version 1.2.2
Cdatatec Fd1104 Firmware	Version 2.4.03_000
Cdatatec Fd1104 Firmware	Version 2.4.04_001
Cdatatec Fd1104 Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec Fd1104	All versions

Configuration O

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec Fd1104b Firmware	Version 1.2.2
Cdatatec Fd1104b Firmware	Version 2.4.03_000
Cdatatec Fd1104b Firmware	Version 2.4.04_001
Cdatatec Fd1104b Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec Fd1104b	All versions

Configuration P

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec Fd1104s Firmware	Version 1.2.2
Cdatatec Fd1104s Firmware	Version 2.4.03_000
Cdatatec Fd1104s Firmware	Version 2.4.04_001
Cdatatec Fd1104s Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec Fd1104s	All versions

Configuration Q

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec Fd1104sn Firmware	Version 1.2.2
Cdatatec Fd1104sn Firmware	Version 2.4.03_000
Cdatatec Fd1104sn Firmware	Version 2.4.04_001
Cdatatec Fd1104sn Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec Fd1104sn	All versions

Configuration R

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec Fd1108s Firmware	Version 1.2.2
Cdatatec Fd1108s Firmware	Version 2.4.03_000
Cdatatec Fd1108s Firmware	Version 2.4.04_001
Cdatatec Fd1108s Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec Fd1108s	All versions

Configuration S

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec Fd1204s R2 Firmware	Version 1.2.2
Cdatatec Fd1204s R2 Firmware	Version 2.4.03_000
Cdatatec Fd1204s R2 Firmware	Version 2.4.04_001
Cdatatec Fd1204s R2 Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec Fd1204s R2	All versions

Configuration T

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec Fd1204sn Firmware	Version 1.2.2
Cdatatec Fd1204sn Firmware	Version 2.4.03_000
Cdatatec Fd1204sn Firmware	Version 2.4.04_001
Cdatatec Fd1204sn Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec Fd1204sn	All versions

Configuration U

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec Fd1204sn R2 Firmware	Version 1.2.2
Cdatatec Fd1204sn R2 Firmware	Version 2.4.03_000
Cdatatec Fd1204sn R2 Firmware	Version 2.4.04_001
Cdatatec Fd1204sn R2 Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec Fd1204sn R2	All versions

Configuration V

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec Fd1208s R2 Firmware	Version 1.2.2
Cdatatec Fd1208s R2 Firmware	Version 2.4.03_000
Cdatatec Fd1208s R2 Firmware	Version 2.4.04_001
Cdatatec Fd1208s R2 Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec Fd1208s R2	All versions

Configuration W

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec Fd1216s R1 Firmware	Version 1.2.2
Cdatatec Fd1216s R1 Firmware	Version 2.4.03_000
Cdatatec Fd1216s R1 Firmware	Version 2.4.04_001
Cdatatec Fd1216s R1 Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec Fd1216s R1	All versions

Configuration X

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec Fd1608gs Firmware	Version 1.2.2
Cdatatec Fd1608gs Firmware	Version 2.4.03_000
Cdatatec Fd1608gs Firmware	Version 2.4.04_001
Cdatatec Fd1608gs Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec Fd1608gs	All versions

Configuration Y

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec Fd1608sn Firmware	Version 1.2.2
Cdatatec Fd1608sn Firmware	Version 2.4.03_000
Cdatatec Fd1608sn Firmware	Version 2.4.04_001
Cdatatec Fd1608sn Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec Fd1608sn	All versions

Configuration Z

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec Fd1616gs Firmware	Version 1.2.2
Cdatatec Fd1616gs Firmware	Version 2.4.03_000
Cdatatec Fd1616gs Firmware	Version 2.4.04_001
Cdatatec Fd1616gs Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec Fd1616gs	All versions

Configuration A

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec Fd1616sn Firmware	Version 1.2.2
Cdatatec Fd1616sn Firmware	Version 2.4.03_000
Cdatatec Fd1616sn Firmware	Version 2.4.04_001
Cdatatec Fd1616sn Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec Fd1616sn	All versions

Configuration B

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cdatatec Fd8000 Firmware	Version 1.2.2
Cdatatec Fd8000 Firmware	Version 2.4.03_000
Cdatatec Fd8000 Firmware	Version 2.4.04_001
Cdatatec Fd8000 Firmware	Version 2.4.05_000

Running on/with	Platform Versions
Cdatatec Fd8000	All versions

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.