CVE-2020-27220

The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command target device is configured giving permission for the gateway device to act on its behalf. This means an authenticated device of a certain tenant, notably also a non-gateway device acting like a gateway, may receive command & control messages targeted at a different device of the same tenant without corresponding permissions getting checked.

CVSS v3 8.8 HIGH
CVSS v2.0 9.0 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://bugs.eclipse.org/bugs/show_bug.cgi?id=569856	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:eclipse:hono::::::::
	cpe:2.3:a:eclipse:hono:1.5.0:::::::*

History

22 Jan 2021, 18:34

Type	Values Removed	Values Added
CPE		cpe:2.3:a:eclipse:hono:::::::: cpe:2.3:a:eclipse:hono:1.5.0:::::::*
CWE		CWE-862
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 9.0 v3 : 8.8
References	~~(CONFIRM) https://bugs.eclipse.org/bugs/show_bug.cgi?id=569856 -~~	(CONFIRM) https://bugs.eclipse.org/bugs/show_bug.cgi?id=569856 - Vendor Advisory

14 Jan 2021, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-01-14 23:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-27220

Mitre link : CVE-2020-27220

CVE.ORG link : CVE-2020-27220

JSON object : View

Products Affected

eclipse

hono

CWE

CWE-862

Missing Authorization

{"id": "CVE-2020-27220", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-01-14T23:15:13.040", "references": [{"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=569856", "tags": ["Vendor Advisory"], "source": "emo@eclipse.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}, {"type": "Secondary", "source": "emo@eclipse.org", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command target device is configured giving permission for the gateway device to act on its behalf. This means an authenticated device of a certain tenant, notably also a non-gateway device acting like a gateway, may receive command & control messages targeted at a different device of the same tenant without corresponding permissions getting checked."}, {"lang": "es", "value": "Los adaptadores de protocolo AMQP y MQTT de Eclipse Hono no comprueban si un dispositivo gateway autenticado est\u00e1 autorizado para recibir mensajes de comando y control cuando se ha suscrito solo a comandos para un dispositivo espec\u00edfico. La falta de comprobaci\u00f3n implica verificar que el dispositivo de destino del comando est\u00e9 configurado dando permiso para que el dispositivo gateway act\u00fae en su nombre. Esto significa que un dispositivo autenticado de un determinado inquilino, en particular tambi\u00e9n un dispositivo que no sea un gateway que act\u00faa como un gateway, puede recibir mensajes de comando y control direccionados hacia un dispositivo diferente del mismo inquilino sin que sean comprobados los permisos correspondientes"}], "lastModified": "2021-01-22T18:34:34.313", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:hono:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EA7972C-A4C7-4952-9850-6EFC12D23CEB", "versionEndIncluding": "1.4.4", "versionStartIncluding": "1.4.0"}, {"criteria": "cpe:2.3:a:eclipse:hono:1.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAD15477-6995-4EC3-B9F7-F6D664BD2134"}], "operator": "OR"}]}], "sourceIdentifier": "emo@eclipse.org"}