CVE-2020-29055
Severity CVSS v4.0:
Pending analysis
Type:
CWE-319
Cleartext Transmission of Sensitive Information
Publication date:
24/11/2020
Last modified:
11/03/2021
Description
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. By default, the appliance can be managed remotely only with HTTP, telnet, and SNMP. It doesn't support SSL/TLS for HTTP or SSH. An attacker can intercept passwords sent in cleartext and conduct man-in-the-middle attacks on the management of the appliance.
Impact
Base Score 3.x
5.90
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cdatatec:72408a_firmware:1.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cdatatec:72408a_firmware:2.4.03_000:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cdatatec:72408a_firmware:2.4.04_001:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cdatatec:72408a_firmware:2.4.05_000:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cdatatec:72408a:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cdatatec:9008a_firmware:1.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cdatatec:9008a_firmware:2.4.03_000:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cdatatec:9008a_firmware:2.4.04_001:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cdatatec:9008a_firmware:2.4.05_000:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cdatatec:9008a:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cdatatec:9016a_firmware:1.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cdatatec:9016a_firmware:2.4.03_000:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cdatatec:9016a_firmware:2.4.04_001:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cdatatec:9016a_firmware:2.4.05_000:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cdatatec:9016a:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page