CVE-2020-24056 - Vulnerability Details - OpenCVE

A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Verint	4320 4320 Firmware 5620ptz 5620ptz Firmware S5120fd S5120fd Firmware

Configuration 1 [-]

AND

cpe:2.3:o:verint:5620ptz_firmware:verint_fw_0_42:*:*:*:*:*:*:*

cpe:2.3:h:verint:5620ptz:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:verint:4320_firmware:v4320_fw_0_23:::::::*
	cpe:2.3:o:verint:4320_firmware:v4320_fw_0_31:::::::*

cpe:2.3:h:verint:4320:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:verint:s5120fd_firmware:verint_fw_0_42units:*:*:*:*:*:*:*

cpe:2.3:h:verint:s5120fd:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://ioac.tv/2Nbc40h
https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-08-21T14:30:26

Updated: 2024-08-04T15:05:11.862Z

Reserved: 2020-08-13T00:00:00

Link: CVE-2020-24056

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-08-21T15:15:13.133

Modified: 2024-11-21T05:14:22.190

Link: CVE-2020-24056

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-21T14:30:26", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/"}, {"tags": ["x_refsource_MISC"], "url": "https://ioac.tv/2Nbc40h"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24056", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/", "refsource": "MISC", "url": "https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/"}, {"name": "https://ioac.tv/2Nbc40h", "refsource": "MISC", "url": "https://ioac.tv/2Nbc40h"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:05:11.862Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ioac.tv/2Nbc40h"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24056", "datePublished": "2020-08-21T14:30:26", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T15:05:11.862Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:verint:5620ptz_firmware:verint_fw_0_42:*:*:*:*:*:*:*", "matchCriteriaId": "0D07363C-3EAD-4C7F-8ADC-BF73F5CCF65C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:verint:5620ptz:-:*:*:*:*:*:*:*", "matchCriteriaId": "06A52C58-EDF6-45B8-8E36-8A5A1652A34C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:verint:4320_firmware:v4320_fw_0_23:*:*:*:*:*:*:*", "matchCriteriaId": "A8BA0DE6-30CB-451B-ADA5-9C20A96D4553", "vulnerable": true}, {"criteria": "cpe:2.3:o:verint:4320_firmware:v4320_fw_0_31:*:*:*:*:*:*:*", "matchCriteriaId": "C2321668-6D76-48C2-8E30-DE5D0CCBAF05", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:verint:4320:-:*:*:*:*:*:*:*", "matchCriteriaId": "86528E55-7890-4B44-AA62-7A6927B9E738", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:verint:s5120fd_firmware:verint_fw_0_42units:*:*:*:*:*:*:*", "matchCriteriaId": "EE4479AA-9C2F-4976-9A34-0E07EC9294A8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:verint:s5120fd:-:*:*:*:*:*:*:*", "matchCriteriaId": "F892B51D-CCFE-4458-9450-C1A934337CDF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de credenciales embebidas en las unidades Verint 5620PTZ versi\u00f3n Verint_FW_0_42, Verint 4320 versiones V4320_FW_0_23, V4320_FW_0_31 y Verint S5120FD versi\u00f3n Verint_FW_0_42. Esto podr\u00eda causar un problema de confidencialidad al usar los protocolos FTP, Telnet o SSH."}], "id": "CVE-2020-24056", "lastModified": "2024-11-21T05:14:22.190", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-21T15:15:13.133", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://ioac.tv/2Nbc40h"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://ioac.tv/2Nbc40h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}