CVE-2020-8169

Published: Dec 14, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

Affected (7)

Products: Haxx: Curl · Siemens: Simatic Tim 1531 Irc Firmware, Sinec Infrastructure Network Services · Debian: Debian Linux · +1 more

Show all products

Haxx: Curl · Siemens: Simatic Tim 1531 Irc Firmware, Sinec Infrastructure Network Services · Debian: Debian Linux · Splunk: Universal Forwarder

Haxx

1 product

Curl

Siemens

2 products

Simatic Tim 1531 Irc Firmware

Sinec Infrastructure Network Services

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Haxx Curl	From 7.62.0 to 7.70.0

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Tim 1531 Irc Firmware	Before 2.2

Running on/with	Platform Versions
Siemens Simatic Tim 1531 Irc	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Sinec Infrastructure Network Services	Before 1.0.1.1

Configuration E

3 vulnerable

Vulnerable Software	Affected Versions
Splunk Universal Forwarder	From 8.2.0 to 8.2.12
Splunk Universal Forwarder	From 9.0.0 to 9.0.6
Splunk Universal Forwarder	Version 9.1.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf

Source: support@hackerone.com

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Source: support@hackerone.com

PatchThird Party Advisory

https://curl.se/docs/CVE-2020-8169.html

Source: support@hackerone.com

Vendor Advisory

https://hackerone.com/reports/874778

Source: support@hackerone.com

ExploitThird Party Advisory

https://www.debian.org/security/2021/dsa-4881

Source: support@hackerone.com

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf