Sign-up

ID

VAR-202006-1299


CVE

CVE-2020-3929


TITLE

GeoVision Door Access Control Cryptographic strength vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-006699

DESCRIPTION

GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages

Trust: 1.62

sources: NVD: CVE-2020-3929 // JVNDB: JVNDB-2020-006699

AFFECTED PRODUCTS

vendor:usavisionsysmodel:geovision gv-gf192xscope:ltversion:1.10

Trust: 1.0

vendor:usavisionsysmodel:geovision gv-as810scope:ltversion:2.21

Trust: 1.0

vendor:usavisionsysmodel:geovision gv-as210scope:ltversion:2.21

Trust: 1.0

vendor:usavisionsysmodel:geovision gv-as410scope:ltversion:2.21

Trust: 1.0

vendor:usavisionsysmodel:geovision gv-as1010scope:ltversion:1.32

Trust: 1.0

vendor:geovisionmodel:gv-as1010scope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv-as210scope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv-as410scope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv-as810scope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv-gf192xscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006699 // NVD: CVE-2020-3929

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3929
value: MEDIUM

Trust: 1.0

twcert@cert.org.tw: CVE-2020-3929
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006699
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-982
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-3929
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006699
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-3929
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-006699
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-006699 // CNNVD: CNNVD-202006-982 // NVD: CVE-2020-3929 // NVD: CVE-2020-3929

PROBLEMTYPE DATA

problemtype:CWE-326

Trust: 1.8

sources: JVNDB: JVNDB-2020-006699 // NVD: CVE-2020-3929

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-982

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-982

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006699

PATCH
title:Top Pageurl:https://www.geovision.com.tw/
Trust: 0.8
title:Multiple GeoVision Product encryption problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122046
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006699 // 
            
            
            
            CNNVD: CNNVD-202006-982

EXTERNAL IDS
db:NVDid:CVE-2020-3929
Trust: 2.4
db:JVNDBid:JVNDB-2020-006699
Trust: 0.8
db:CNNVDid:CNNVD-202006-982
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006699 // 
            
            
            
            CNNVD: CNNVD-202006-982 // 
            
            
            
            NVD: CVE-2020-3929

REFERENCES
url:https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2020-3929
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3929
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-006699 // 
            
            
            
            CNNVD: CNNVD-202006-982 // 
            
            
            
            NVD: CVE-2020-3929

CREDITS
Acronis
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202006-982

SOURCES
db:JVNDBid:JVNDB-2020-006699
db:CNNVDid:CNNVD-202006-982
db:NVDid:CVE-2020-3929

LAST UPDATE DATE
2024-11-23T21:51:27.209000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-006699date:2020-07-15T00:00:00
db:CNNVDid:CNNVD-202006-982date:2020-06-19T00:00:00
db:NVDid:CVE-2020-3929date:2024-11-21T05:31:58.740

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-006699date:2020-07-15T00:00:00
db:CNNVDid:CNNVD-202006-982date:2020-06-12T00:00:00
db:NVDid:CVE-2020-3929date:2020-06-12T09:15:10.380