Sign-up

ID

VAR-202004-2080


CVE

CVE-2020-7133


TITLE

HPE IOT + GCP Vulnerability regarding lack of authentication in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004935

DESCRIPTION

A unauthorized remote access vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. HPE IOT + GCP Exists in a vulnerability related to lack of authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. HPE UIoT is a set of universal Internet of Things platforms for Hewlett Packard Enterprise (HPE). The platform has functions such as data analysis, currency security, and synchronization management. There is a security hole in HPE IOT + GCP. The following products and versions are affected: HPE IOT + GCP version 1.4.0, version 1.4.1, version 1.4.2, version 1.2.4.2

Trust: 2.79

sources: NVD: CVE-2020-7133 // JVNDB: JVNDB-2020-004935 // CNVD: CNVD-2020-33330 // CNNVD: CNNVD-202004-2135 // VULMON: CVE-2020-7133

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-33330

AFFECTED PRODUCTS

vendor:hpmodel:hpe iot \+ gcpscope:eqversion:1.2.4.2

Trust: 1.0

vendor:hpmodel:hpe iot \+ gcpscope:eqversion:1.4.0

Trust: 1.0

vendor:hpmodel:hpe iot \+ gcpscope:eqversion:1.4.2

Trust: 1.0

vendor:hpmodel:hpe iot \+ gcpscope:eqversion:1.4.1

Trust: 1.0

vendor:hewlett packardmodel:hpe iot + gcpscope:eqversion:1.2.4.2

Trust: 0.8

vendor:hewlett packardmodel:hpe iot + gcpscope:eqversion:1.4.0

Trust: 0.8

vendor:hewlett packardmodel:hpe iot + gcpscope:eqversion:1.4.1

Trust: 0.8

vendor:hewlett packardmodel:hpe iot + gcpscope:eqversion:1.4.2

Trust: 0.8

vendor:hpemodel:uiotscope:lteversion:<=1.4.2

Trust: 0.6

sources: CNVD: CNVD-2020-33330 // JVNDB: JVNDB-2020-004935 // NVD: CVE-2020-7133

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7133
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-004935
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-33330
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-2135
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-7133
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-7133
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-004935
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-33330
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-7133
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004935
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-33330 // VULMON: CVE-2020-7133 // JVNDB: JVNDB-2020-004935 // CNNVD: CNNVD-202004-2135 // NVD: CVE-2020-7133

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-862

Trust: 0.8

sources: JVNDB: JVNDB-2020-004935 // NVD: CVE-2020-7133

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2135

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-2135

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-004935

PATCH
title:hpesbhf03947en_usurl:https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf03947en_us
Trust: 0.8
title:Patch for HPE UIoT Unauthorized Access Vulnerability (CNVD-2020-33330)url:https://www.cnvd.org.cn/patchInfo/show/221857
Trust: 0.6
title:HPE UIoT Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117058
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-33330 // 
            
            
            
            JVNDB: JVNDB-2020-004935 // 
            
            
            
            CNNVD: CNNVD-202004-2135

EXTERNAL IDS
db:NVDid:CVE-2020-7133
Trust: 3.1
db:JVNDBid:JVNDB-2020-004935
Trust: 0.8
db:CNVDid:CNVD-2020-33330
Trust: 0.6
db:CNNVDid:CNNVD-202004-2135
Trust: 0.6
db:VULMONid:CVE-2020-7133
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-33330 // 
            
            
            
            VULMON: CVE-2020-7133 // 
            
            
            
            JVNDB: JVNDB-2020-004935 // 
            
            
            
            CNNVD: CNNVD-202004-2135 // 
            
            
            
            NVD: CVE-2020-7133

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-7133
Trust: 2.0
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03947en_us
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7133
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-33330 // 
            
            
            
            VULMON: CVE-2020-7133 // 
            
            
            
            JVNDB: JVNDB-2020-004935 // 
            
            
            
            CNNVD: CNNVD-202004-2135 // 
            
            
            
            NVD: CVE-2020-7133

SOURCES
db:CNVDid:CNVD-2020-33330
db:VULMONid:CVE-2020-7133
db:JVNDBid:JVNDB-2020-004935
db:CNNVDid:CNNVD-202004-2135
db:NVDid:CVE-2020-7133

LAST UPDATE DATE
2024-11-23T22:37:24.365000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-33330date:2020-06-16T00:00:00
db:VULMONid:CVE-2020-7133date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2020-004935date:2020-06-03T00:00:00
db:CNNVDid:CNNVD-202004-2135date:2020-06-24T00:00:00
db:NVDid:CVE-2020-7133date:2024-11-21T05:36:41.353

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-33330date:2020-06-16T00:00:00
db:VULMONid:CVE-2020-7133date:2020-04-24T00:00:00
db:JVNDBid:JVNDB-2020-004935date:2020-06-03T00:00:00
db:CNNVDid:CNNVD-202004-2135date:2020-04-24T00:00:00
db:NVDid:CVE-2020-7133date:2020-04-24T19:15:13.410