CVE-2020-15785

{"id": "CVE-2020-15785", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2020-09-09T19:15:19.587", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-770698.pdf", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-05", "tags": ["Third Party Advisory", "US Government Resource"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-319"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Siveillance Video Client (All versions). In environments where Windows NTLM authentication is enabled the affected client application transmits usernames to the server in cleartext. This could allow an attacker in a privileged network position to obtain valid adminstrator login names and use this information to launch further attacks."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Siveillance Video Client (todas las versiones). En entornos donde la autenticaci\u00f3n NTLM de Windows est\u00e1 habilitada, la aplicaci\u00f3n cliente afectada transmite los nombres de usuario al servidor en texto sin cifrar. Esto podr\u00eda permitir a un atacante en una posici\u00f3n de red privilegiada obtener nombres de inicio de sesi\u00f3n de administrador v\u00e1lidos y use esta informaci\u00f3n para iniciar nuevos ataques."}], "lastModified": "2023-01-27T18:21:38.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:siveillance_video_client:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CE8B8B3-22F1-4997-AEE3-EEAF4675D417"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}