CVE-2020-17494

EPSS 0.15%
Veröffentlicht 12.11.2020 21:15:10
Zuletzt bearbeitet 21.11.2024 05:08:13
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Untangle Firewall NG before 16.0 uses MD5 for passwords.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Untangle ≫ Untangle Firewall Ng Version < 16.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.325

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://github.com/untangle/ngfw_src/blob/1d232efe2c17a8838b59bbbeaf166dafa94676af/uvm/hier/usr/share/untangle/web/auth/index.py#L196-L200

Patch

Third Party Advisory

https://github.com/untangle/ngfw_src/search?q=author%3Abmastbergen+committer-date%3A2020-08-10&type=commits

Patch

Third Party Advisory

https://pastebin.com/s7UYG3vX

Third Party Advisory

https://wiki.untangle.com/index.php/16.0.0_-_16.0.1_Changelog

Third Party Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2020-17494

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-17494

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-17494

EUVD