CVE-2019-6266

Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.detack.de/en/cve-2019-6265-6266	Mitigation Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cordaware:bestinformed:*:*:*:*:*:windows:*:*

History

No history.

Information

Published : 2019-02-25 23:29

Updated : 2023-12-10 12:44

NVD link : CVE-2019-6266

Mitre link : CVE-2019-6266

CVE.ORG link : CVE-2019-6266

JSON object : View

Products Affected

cordaware

bestinformed

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2019-6266", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-02-25T23:29:01.283", "references": [{"url": "https://www.detack.de/en/cve-2019-6265-6266", "tags": ["Mitigation", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext."}, {"lang": "es", "value": "El cliente Cordaware bestinformed para Microsoft Windows, en versiones anteriores a la 6.2.1.0, se ha visto afectado por la verificaci\u00f3n de certificados SSL inseguros y patrones de acceso inseguros. Estos problemas permiten que los atacantes remotos degraden las conexiones cifradas a texto claro."}], "lastModified": "2019-02-28T20:03:03.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cordaware:bestinformed:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "A28CBF0E-1626-45C1-B162-091F48673A67", "versionEndExcluding": "6.2.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}