CVE-2020-28333

{"id": "CVE-2020-28333", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-11-24T19:15:10.823", "references": [{"url": "http://packetstormsecurity.com/files/160161/Barco-wePresent-Authentication-Bypass.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://korelogic.com/Resources/Advisories/KL-001-2020-006.txt", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a \"SEID\" token that is appended to the end of URLs in GET requests. Thus the \"SEID\" would be exposed in web proxy logs and browser history. An attacker that is able to capture the \"SEID\" and originate requests from the same IP address (via a NAT device or web proxy) would be able to access the user interface of the device without having to know the credentials."}, {"lang": "es", "value": "Los dispositivos Barco wePresent WiPG-1600W permiten una Omisi\u00f3n de Autenticaci\u00f3n. Versi\u00f3n(es) afectada(s): 2.5.1.8. La interfaz web Barco wePresent WiPG-1600W no utiliza cookies de sesi\u00f3n para rastrear sesiones autenticadas. En su lugar, la interfaz web utiliza un token \"SEID\" que es agregado al final de las URL en las peticiones GET. Por lo tanto, el \"SEID\" estar\u00eda expuesto en los registros del proxy web y en el historial del navegador. Un atacante que es capaz de capturar el \"SEID\" y originar peticiones desde la misma direcci\u00f3n IP (por medio de un dispositivo NAT o proxy web) podr\u00eda ser capaz de acceder a la interfaz de usuario del dispositivo sin tener que conocer las credenciales"}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:2.5.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB2D35A0-E5B5-4A4F-911F-7621CAD17BE6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:barco:wepresent_wipg-1600w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E6EDF943-F79F-4729-A15C-BEDFDAC42EA3"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}