CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2020-15862 – net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution
https://notcve.org/view.php?id=CVE-2020-15862
Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. Net-SNMP versiones hasta 5.7.3, presenta una Administración de Privilegios Inapropiada porque el acceso de SNMP WRITE en el EXTEND MIB provee la capacidad de ejecutar comandos arbitrarios como root. A flaw was found in Net-SNMP through version 5.73, where an Improper Privilege Management issue occurs due to SNMP WRITE access to the EXTEND MIB allows running arbitrary commands as root. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965166 https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205 https://salsa.debian.org/debian/net-snmp/-/commit/fad8725402752746daf0a751dcff19eb6aeab52e https://security-tracker.debian.org/tracker/CVE-2020-15862 https://security.gentoo.org/glsa/202008-12 https://security.netapp.com/advisory/ntap-20200904-0001 https://usn.ubuntu.com/4471-1 https://access.redhat.com/security/cve/CVE-2020-15862 https://bugzilla.redhat.co • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 0CVE-2020-16166 – kernel: information exposure in drivers/char/random.c and kernel/time/timer.c
https://notcve.org/view.php?id=CVE-2020-16166
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. El kernel de Linux versiones hasta 5.7.11, permite a atacantes remotos realizar observaciones que ayudan a obtener información confidencial sobre el estado interno de la red RNG, también se conoce como CID-f227e3ec3b5c. Esto está relacionado con los archivos drivers/char/random.c y kernel/time/timer.c A flaw was found in the Linux kernel. The generation of the device ID from the network RNG internal state is predictable. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html https://arxiv.org/pdf/2012.07432.pdf https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f227e3ec3b5cad859ad15666874405e8c1bbc1d4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c51f8f88d705e06bd696d7510aff22b33eb8e638 https://github.com/torvalds/linux/commit/f227e3ec3b5cad859ad15666874405e8c1bbc1d4 https://lists.debian& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-330: Use of Insufficiently Random Values •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 3CVE-2020-15778 – openssh: scp allows command injection when using backtick characters in the destination argument
https://notcve.org/view.php?id=CVE-2020-15778
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows." ** EN DISPUTA ** scp en OpenSSH versiones hasta 8.3p1 permite una inyección de comandos en la función toremote de scp.c, como lo demuestran los caracteres backtick en el argumento de destino. NOTA: según se informa, el proveedor ha declarado que omite intencionadamente la validación de las "transferencias de argumentos anómalos" porque eso podría "tener grandes posibilidades de romper los flujos de trabajo existentes" A flaw was found in the scp program shipped with the openssh-clients package. An attacker having the ability to scp files to a remote server, could execute arbitrary commands on the remote server by including the command as a part of the filename being copied on the server. This command is run with the permissions of user with which the files were copied on the remote server. • https://github.com/cpandya2909/CVE-2020-15778 https://github.com/Neko-chanQwQ/CVE-2020-15778-Exploit https://github.com/Evan-Zhangyf/CVE-2020-15778 https://access.redhat.com/errata/RHSA-2024:3166 https://news.ycombinator.com/item?id=25005567 https://security.gentoo.org/glsa/202212-06 https://security.netapp.com/advisory/ntap-20200731-0007 https://www.openssh.com/security.html https://access.redhat.com/security/cve/CVE-2020-15778 https://bugzilla.redhat.com/show_bug.cgi?id&# • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.9EPSS: 0%CPEs: 13EXPL: 0CVE-2020-14145 – openssh: Observable discrepancy leading to an information leak in the algorithm negotiation
https://notcve.org/view.php?id=CVE-2020-14145
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected. El lado del cliente en OpenSSH versiones 5.7 hasta 8.4, presenta una Discrepancia Observable que conlleva a una filtración de información en la negociación del algoritmo. Esto permite a atacantes de tipo man-in-the-middle apuntar a unos intentos iniciales de conexión (donde ninguna clave de host para el servidor ha sido almacenada en caché por parte del cliente) NOTA: algunos informes afirman que las versiones 8.5 y 8.6 también están afectadas. • http://www.openwall.com/lists/oss-security/2020/12/02/1 https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d https://docs.ssh-mitm.at/CVE-2020-14145.html https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1 https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py https://security.gentoo.org/glsa/202105-35 https://security.netapp.com/advisory/ntap-20200709-0004 https://www. • CWE-203: Observable Discrepancy •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8573
https://notcve.org/view.php?id=CVE-2020-8573
The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. During upgrades to Element 11.8 and 12.0 or the Compute Firmware Bundle 12.2.92 the BMC account password on the H610C, H615C and H610S platforms is reset to the default documented value which could allow remote attackers to cause a Denial of Service (DoS). El NetApp HCI H610C, H615C y H610S Baseboard Management Controller (BMC) se entrega con una cuenta y una contraseña predeterminadas documentadas que deben ser cambiadas durante la configuración inicial del nodo. Durante las actualizaciones en Element versiones 11.8 y 12.0 o el Compute Firmware Bundle 12.2.92, la contraseña de la cuenta de BMC H610C, H615C y H610S se restablece al valor documentado predeterminado el cual permite a atacantes remotos causar una Denegación de Servicio (DoS) • https://security.netapp.com/advisory/ntap-20200626-0001 • CWE-798: Use of Hard-coded Credentials •