ID

VAR-202003-1436


CVE

CVE-2020-5723


TITLE

Vulnerability in plaintext storage of important information in UCM6200 series

Trust: 0.8

sources: JVNDB: JVNDB-2020-003514

DESCRIPTION

The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges. The UCM6200 series contains a vulnerability in the plaintext storage of important information. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Grandstream UCM6200 is a set of enterprise-level switches used for IP telephone communication from the US company Grandstream. Grandstream UCM6200 series 1.0.20.22 and previous versions have security vulnerabilities.

Trust: 2.25

sources: NVD: CVE-2020-5723 // JVNDB: JVNDB-2020-003514 // CNVD: CNVD-2020-20679 // VULMON: CVE-2020-5723

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-20679

AFFECTED PRODUCTS

vendor: grandstream, model: ucm6204, scope: lt, version: 1.0.20.22

Trust: 1.0

vendor: grandstream, model: ucm6208, scope: lt, version: 1.0.20.22

Trust: 1.0

vendor: grandstream, model: ucm6202, scope: lt, version: 1.0.20.22

Trust: 1.0

vendor: grandstream, model: ucm6202, scope: eq, version: 1.0.20.22

Trust: 0.8

vendor: grandstream, model: ucm6204, scope: eq, version: 1.0.20.22

Trust: 0.8

vendor: grandstream, model: ucm6208, scope: eq, version: 1.0.20.22

Trust: 0.8

vendor: grandstream, model: ucm6200, scope: lte, version: <=1.0.20.22

Trust: 0.6

sources: CNVD: CNVD-2020-20679 // JVNDB: JVNDB-2020-003514 // NVD: CVE-2020-5723

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5723
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-003514
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-20679
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-1713
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-5723
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-5723
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-003514
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-20679
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-5723
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003514
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-20679 // VULMON: CVE-2020-5723 // JVNDB: JVNDB-2020-003514 // CNNVD: CNNVD-202003-1713 // NVD: CVE-2020-5723

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.8

sources: JVNDB: JVNDB-2020-003514 // NVD: CVE-2020-5723

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1713

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-1713

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003514

PATCH

title: UCM6200 series, url: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series

Trust: 0.8

title: Patch for Grandstream UCM6200 privilege elevation vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/211855

Trust: 0.6

title: Grandstream UCM6200 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113108

Trust: 0.6

sources: CNVD: CNVD-2020-20679 // JVNDB: JVNDB-2020-003514 // CNNVD: CNNVD-202003-1713

EXTERNAL IDS

db: NVD, id: CVE-2020-5723

Trust: 3.1

db: TENABLE, id: TRA-2020-17

Trust: 2.5

db: JVNDB, id: JVNDB-2020-003514

Trust: 0.8

db: CNVD, id: CNVD-2020-20679

Trust: 0.6

db: CNNVD, id: CNNVD-202003-1713

Trust: 0.6

db: VULMON, id: CVE-2020-5723

Trust: 0.1

sources: CNVD: CNVD-2020-20679 // VULMON: CVE-2020-5723 // JVNDB: JVNDB-2020-003514 // CNNVD: CNNVD-202003-1713 // NVD: CVE-2020-5723

REFERENCES

url:https://www.tenable.com/security/research/tra-2020-17

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-5723

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5723

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/312.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.rapid7.com/db/modules/auxiliary/gather/grandstream_ucm62xx_sql_account_guess/

Trust: 0.1

sources: VULMON: CVE-2020-5723 // JVNDB: JVNDB-2020-003514 // CNNVD: CNNVD-202003-1713 // NVD: CVE-2020-5723

SOURCES

db: CNVD, id: CNVD-2020-20679
db: VULMON, id: CVE-2020-5723
db: JVNDB, id: JVNDB-2020-003514
db: CNNVD, id: CNNVD-202003-1713
db: NVD, id: CVE-2020-5723

LAST UPDATE DATE

2024-11-23T22:25:34.279000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-20679, date: 2020-04-01T00:00:00
db: VULMON, id: CVE-2020-5723, date: 2020-04-01T00:00:00
db: JVNDB, id: JVNDB-2020-003514, date: 2020-04-17T00:00:00
db: CNNVD, id: CNNVD-202003-1713, date: 2020-04-10T00:00:00
db: NVD, id: CVE-2020-5723, date: 2024-11-21T05:34:29.200

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-20679, date: 2020-03-31T00:00:00
db: VULMON, id: CVE-2020-5723, date: 2020-03-30T00:00:00
db: JVNDB, id: JVNDB-2020-003514, date: 2020-04-17T00:00:00
db: CNNVD, id: CNNVD-202003-1713, date: 2020-03-30T00:00:00
db: NVD, id: CVE-2020-5723, date: 2020-03-30T20:15:19.883