CVE-2020-27688

 

Severity Score: 7.5 (CVSS v3.1)
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits: 1 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption uses a static IV and key, so the Decrypt() method from VISKD.cs in the RVTools.exe executable can be used to decrypt the encrypted passwords. The accounts used in the configuration files have access to vSphere instances.

*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Attack Vector: Network
Attack Complexity: Low
Authentication: None
Confidentiality: Partial
Integrity: None
Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2020-10-23 CVE Reserved
  • 2020-11-05 CVE Published
  • 2023-07-22 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-522: Insufficiently Protected Credentials
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Robware Rvtools 4.0.6 - Affected