Sign-up

ID

VAR-201910-1868


TITLE

Alibaba Cloud IoT platform has unauthorized access vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-34652

DESCRIPTION

Alibaba Cloud IoT platform is a cloud service platform for the IoT field. It communicates through mainstream IoT protocols (such as MQTT) and can build IoT projects between smart devices and the cloud. There is an unauthorized access vulnerability in the Alibaba Cloud IoT platform, and an attacker can use the vulnerability to always receive messages on the topic of the subscription.

Trust: 0.6

sources: CNVD: CNVD-2019-34652

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-34652

AFFECTED PRODUCTS

vendor:alibaba cloud computingmodel:iot platformscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-34652

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-34652
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2019-34652
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2019-34652

PATCH

title:Alibaba Cloud IoT platform has unauthorized access vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/180699

Trust: 0.6

sources: CNVD: CNVD-2019-34652

EXTERNAL IDS

db:CNVDid:CNVD-2019-34652

Trust: 0.6

sources: CNVD: CNVD-2019-34652

SOURCES

db:CNVDid:CNVD-2019-34652

LAST UPDATE DATE

2022-05-04T08:35:17.893000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-34652date:2019-10-12T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-34652date:2019-10-26T00:00:00