ID

VAR-202101-0328


CVE

CVE-2020-27220


TITLE

Eclipse Hono Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2020-015563

DESCRIPTION

The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check is the verification that the command target device is configured to permit the gateway device to act on its behalf. This means an authenticated device of a certain tenant, notably also a non-gateway device acting like a gateway, may receive command & control messages targeted at a different device of the same tenant without the corresponding permissions being checked. Eclipse Hono is vulnerable to a lack of authentication. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Eclipse Hono is software from the Eclipse Foundation that provides a control interface for connected IoT devices. The software connects a large number of IoT devices and provides a unified access interface for external control.

Trust: 2.16

sources: NVD: CVE-2020-27220 // JVNDB: JVNDB-2020-015563 // CNNVD: CNNVD-202101-1131

AFFECTED PRODUCTS

vendor: eclipse, model: hono, scope: eq, version: 1.5.0

Trust: 1.0

vendor: eclipse, model: hono, scope: lte, version: 1.4.4

Trust: 1.0

vendor: eclipse, model: hono, scope: gte, version: 1.4.0

Trust: 1.0

vendor: eclipse, model: hono, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-015563 // NVD: CVE-2020-27220

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-27220
value: HIGH

Trust: 1.0

NVD: CVE-2020-27220
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202101-1131
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-27220
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-27220
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-27220
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-015563 // CNNVD: CNNVD-202101-1131 // NVD: CVE-2020-27220

PROBLEMTYPE DATA

problemtype: CWE-862

Trust: 1.0

problemtype: Lack of authentication (CWE-862) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-015563 // NVD: CVE-2020-27220

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1131

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-1131

PATCH

title: Bug 569856, url: https://bugs.eclipse.org/bugs/show_bug.cgi?id=569856

Trust: 0.8

title: Eclipse Hono Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139564

Trust: 0.6

sources: JVNDB: JVNDB-2020-015563 // CNNVD: CNNVD-202101-1131

EXTERNAL IDS

db: NVD, id: CVE-2020-27220

Trust: 2.4

db: JVNDB, id: JVNDB-2020-015563

Trust: 0.8

db: CNNVD, id: CNNVD-202101-1131

Trust: 0.6

sources: JVNDB: JVNDB-2020-015563 // CNNVD: CNNVD-202101-1131 // NVD: CVE-2020-27220

REFERENCES

url: https://bugs.eclipse.org/bugs/show_bug.cgi?id=569856

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2020-27220

Trust: 1.4

sources: JVNDB: JVNDB-2020-015563 // CNNVD: CNNVD-202101-1131 // NVD: CVE-2020-27220

SOURCES

db: JVNDB, id: JVNDB-2020-015563
db: CNNVD, id: CNNVD-202101-1131
db: NVD, id: CVE-2020-27220

LAST UPDATE DATE

2024-11-23T22:25:13.191000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-015563, date: 2021-10-05T06:07:00
db: CNNVD, id: CNNVD-202101-1131, date: 2021-01-25T00:00:00
db: NVD, id: CVE-2020-27220, date: 2024-11-21T05:20:53.370

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-015563, date: 2021-10-05T00:00:00
db: CNNVD, id: CNNVD-202101-1131, date: 2021-01-14T00:00:00
db: NVD, id: CVE-2020-27220, date: 2021-01-14T23:15:13.040