ID

VAR-202010-0833


CVE

CVE-2020-24375


TITLE

Spoofing Authentication Vulnerability in Freebox Server

Trust: 0.8

sources: JVNDB: JVNDB-2020-012656

DESCRIPTION

A DNS rebinding vulnerability exists in the UPnP MediaServer implementation in Freebox Server before 4.2.3. Freebox Server contains an authentication bypass by spoofing vulnerability. Information may be obtained. The Freebox Server is a DSL modem, router, Wi-Fi hotspot, NAS (250 GB hard disk), DECT base with up to 8 connected DECT phones, and digital video recorder-T for TNT (also known as DVB) and IPTV. Versions of Freebox Server prior to 4.2.3 are vulnerable. The vulnerability stems from a DNS rebinding flaw in the implementation of UPnP MediaServer, which allows attackers to gain access to the local area network by manipulating the DNS (Domain Name Service) working mechanism.

Trust: 2.25

sources: NVD: CVE-2020-24375 // JVNDB: JVNDB-2020-012656 // CNVD: CNVD-2020-64596 // VULMON: CVE-2020-24375

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-64596

AFFECTED PRODUCTS

vendor: free, model: freebox server, scope: lt, version: 4.2.3

Trust: 1.0

vendor: free, model: freebox v5, scope: lt, version: 1.5.29

Trust: 1.0

vendor: free, model: freebox server, scope: -, version: -

Trust: 0.8

vendor: free, model: freebox v5, scope: -, version: -

Trust: 0.8

vendor: freebox, model: server, scope: lt, version: 4.2.3

Trust: 0.6

sources: CNVD: CNVD-2020-64596 // JVNDB: JVNDB-2020-012656 // NVD: CVE-2020-24375

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-24375
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-24375
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-64596
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202010-883
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-24375
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-24375
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-64596
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-24375
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-24375
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-64596 // VULMON: CVE-2020-24375 // JVNDB: JVNDB-2020-012656 // CNNVD: CNNVD-202010-883 // NVD: CVE-2020-24375

PROBLEMTYPE DATA

problemtype: CWE-290

Trust: 1.0

problemtype: Authentication bypass by spoofing (CWE-290) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-012656 // NVD: CVE-2020-24375

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-883

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-883

PATCH

title: freebox, url: https://dev.freebox.fr/blog/?p=10222

Trust: 0.8

title: Patch for Freebox server DNS rebinding vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/240430

Trust: 0.6

title: Freebox server Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131412

Trust: 0.6

sources: CNVD: CNVD-2020-64596 // JVNDB: JVNDB-2020-012656 // CNNVD: CNNVD-202010-883

EXTERNAL IDS

db: NVD, id: CVE-2020-24375

Trust: 3.1

db: JVNDB, id: JVNDB-2020-012656

Trust: 0.8

db: CNVD, id: CNVD-2020-64596

Trust: 0.6

db: CNNVD, id: CNNVD-202010-883

Trust: 0.6

db: VULMON, id: CVE-2020-24375

Trust: 0.1

sources: CNVD: CNVD-2020-64596 // VULMON: CVE-2020-24375 // JVNDB: JVNDB-2020-012656 // CNNVD: CNNVD-202010-883 // NVD: CVE-2020-24375

REFERENCES

url: https://www.gabriel.urdhr.fr/2020/09/23/dns-rebinding-freebox/

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2020-24375

Trust: 2.0

url: https://dev.freebox.fr/blog/?p=10222

Trust: 1.7

url: https://cwe.mitre.org/data/definitions/290.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-64596 // VULMON: CVE-2020-24375 // JVNDB: JVNDB-2020-012656 // CNNVD: CNNVD-202010-883 // NVD: CVE-2020-24375

SOURCES

db: CNVD, id: CNVD-2020-64596
db: VULMON, id: CVE-2020-24375
db: JVNDB, id: JVNDB-2020-012656
db: CNNVD, id: CNNVD-202010-883
db: NVD, id: CVE-2020-24375

LAST UPDATE DATE

2024-11-23T22:25:20.909000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-64596, date: 2020-11-19T00:00:00
db: VULMON, id: CVE-2020-24375, date: 2020-10-27T00:00:00
db: JVNDB, id: JVNDB-2020-012656, date: 2021-05-20T06:18:00
db: CNNVD, id: CNNVD-202010-883, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2020-24375, date: 2024-11-21T05:14:41.883

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-64596, date: 2020-11-19T00:00:00
db: VULMON, id: CVE-2020-24375, date: 2020-10-19T00:00:00
db: JVNDB, id: JVNDB-2020-012656, date: 2021-05-20T00:00:00
db: CNNVD, id: CNNVD-202010-883, date: 2020-10-19T00:00:00
db: NVD, id: CVE-2020-24375, date: 2020-10-19T19:15:14.753