CVE-2020-17383

{"id": "CVE-2020-17383", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-01-24T20:15:07.923", "references": [{"url": "https://sra.io/blog-post/", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://sra.io/blog/this-traversal-had-a-face-for-radio-cve-2020-17383/", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.telosalliance.com/downloads?search=software-updates#downloadListing", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password for remote configuration of the device through the WebUI."}, {"lang": "es", "value": "Una vulnerabilidad de salto de directorios en los dispositivos Telos Z/IP One versiones hasta 4.0.0r, permite a un individuo no autenticado acceder a nivel de root al sistema de archivos del dispositivo. Esto puede usarse para identificar los ajustes de configuraci\u00f3n, los hashes de las contrase\u00f1as de las cuentas integradas y la contrase\u00f1a en texto claro para la configuraci\u00f3n remota del dispositivo a trav\u00e9s de la WebUI"}], "lastModified": "2022-01-28T18:42:15.553", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:telosalliance:z\\/ip_one_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10D76D28-9502-48FE-8560-E0C1838BFE1E", "versionEndIncluding": "4.0.0r"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:telosalliance:z\\/ip_one:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "79FD2660-06A8-4D2D-910F-0492755D0352"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}