CVE-2020-5723

Published: Mar 30, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.

Affected (3)

Products: Grandstream: Ucm6202 Firmware, Ucm6204 Firmware, Ucm6208 Firmware

3 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Grandstream Ucm6202 Firmware	Before 1.0.20.22

Running on/with	Platform Versions
Grandstream Ucm6202	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Grandstream Ucm6204 Firmware	Before 1.0.20.22

Running on/with	Platform Versions
Grandstream Ucm6204	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Grandstream Ucm6208 Firmware	Before 1.0.20.22

Running on/with	Platform Versions
Grandstream Ucm6208	All versions

Related CWEs

CWE-312

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (2)

https://www.tenable.com/security/research/tra-2020-17

Source: vulnreport@tenable.com

ExploitThird Party Advisory

https://www.tenable.com/security/research/tra-2020-17

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.