CVE-2020-27488

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Loxone Miniserver devices with firmware before 11.1 (aka 11.1.9.3) are unable to use an authentication method that is based on the "signature of the update package." Therefore, these devices (or attackers who are spoofing these devices) can continue to use an unauthenticated cloud service for an indeterminate time period (possibly forever). Once an individual device's firmware is updated, and authentication occurs once, the cloud service recategorizes the device so that authentication is subsequently always required, and spoofing cannot occur.

Los dispositivos Loxone Miniserver con versiones de firmware anteriores a 11.1 (también se conoce como versión 11.1.9.3) no pueden utilizar un método de autenticación que se base en la "signature of the update package". Por lo tanto, estos dispositivos (o atacantes que falsifican estos dispositivos) pueden continuar usando un servicio en la nube no autenticado durante un período de tiempo indeterminado (posiblemente para siempre). Una vez que el firmware es actualizado de un dispositivo individual y la autenticación ocurre una vez, el servicio en la nube recategoriza el dispositivo para que la autenticación sea posteriormente requerida siempre y no pueda ocurrir una suplantación de identidad.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-10-21 CVE Reserved
2021-01-13 CVE Published
2024-08-04 CVE Updated
2024-08-04 First Exploit
2024-09-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-287: Improper Authentication

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC
https://iot-lab-fh-ooe.github.io/loxone_clouddns_schwachstelle	2024-08-04
https://iot-lab-fh-ooe.github.io/loxone_clouddns_vulnerability	2024-08-04

URL	Date	SRC

URL	Date	SRC
https://www.loxone.com/dede/sicherheit-cloud-dns	2021-01-21
https://www.loxone.com/enen/security-cloud-dns	2021-01-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Loxone Search vendor "Loxone"	Miniserver Gen 1 Firmware Search vendor "Loxone" for product "Miniserver Gen 1 Firmware"	< 11.1.9.3 Search vendor "Loxone" for product "Miniserver Gen 1 Firmware" and version " < 11.1.9.3"	-	Affected	in	Loxone Search vendor "Loxone"	Miniserver Gen 1 Search vendor "Loxone" for product "Miniserver Gen 1"	-	-	Safe