CVSS: 9.8EPSS: 0%CPEs: 140EXPL: 1CVE-2020-29054
https://notcve.org/view.php?id=CVE-2020-29054
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can use "show system infor" to discover cleartext TELNET credentials. Se detectó un problema en Dispositivos CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD20D1104SN, FD1104S, FD20D1104SN, R220D1104SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN y FD8000. Los atacantes pueden usar "show system infor" para detectar credenciales TELNET en texto sin cifrar • https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.9EPSS: 0%CPEs: 140EXPL: 1CVE-2020-29055
https://notcve.org/view.php?id=CVE-2020-29055
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. By default, the appliance can be managed remotely only with HTTP, telnet, and SNMP. It doesn't support SSL/TLS for HTTP or SSH. An attacker can intercept passwords sent in cleartext and conduct man-in-the-middle attacks on the management of the appliance. Se detectó un problema en Dispositivos CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD20D1104SN, FD1104S, FD20D1104SN, R220D1104SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN y FD8000. • https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 140EXPL: 1CVE-2020-29056
https://notcve.org/view.php?id=CVE-2020-29056
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. One can escape from a shell and acquire root privileges by leveraging the TFTP download configuration. Se detectó un problema en Dispositivos CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD20D1104SN, FD1104S, FD20D1104SN, R220D1104SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN y FD8000. Uno puede escapar de un shell y adquirir privilegios de root aprovechando la configuración de descarga TFTP • https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 140EXPL: 1CVE-2020-29057
https://notcve.org/view.php?id=CVE-2020-29057
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. It allows remote attackers to cause a denial of service (reboot) by sending random bytes to the telnet server on port 23, aka a "shawarma" attack. Se detectó un problema en Dispositivos CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD20D1104SN, FD1104S, FD20D1104SN, R220D1104SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN y FD8000. Permite a atacantes remotos causar una denegación de servicio (reinicio) enviando bytes aleatorios al servidor telnet en el puerto 23, también se conoce como un ataque de tipo "shawarma" • https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html •
CVSS: 9.8EPSS: 0%CPEs: 140EXPL: 1CVE-2020-29058
https://notcve.org/view.php?id=CVE-2020-29058
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can discover cleartext web-server credentials via certain /opt/lighttpd/web/cgi/ requests. Se detectó un problema en Dispositivos CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD20D1104SN, FD1104S, FD20D1104SN, R220D1104SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN y FD8000. Los atacantes pueden detectar credenciales de servidor web en texto sin cifrar por medio de determinadas peticiones /opt/lighttpd/web/cgi/ • https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html • CWE-306: Missing Authentication for Critical Function •