5.9
CVE-2020-3929
- EPSS 0.51%
- Veröffentlicht 12.06.2020 09:15:10
- Zuletzt bearbeitet 21.11.2024 05:31:58
- Quelle twcert@cert.org.tw
- CVE-Watchlists
- Unerledigt
LoginGeoVision Door Access Control Device - Shared cryptographic keys
GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Usavisionsys ≫ Geovision Gv-as210 Firmware Version < 2.21
Usavisionsys ≫ Geovision Gv-as410 Firmware Version < 2.21
Usavisionsys ≫ Geovision Gv-as810 Firmware Version < 2.21
Usavisionsys ≫ Geovision Gv-as1010 Firmware Version < 1.32
Usavisionsys ≫ Geovision Gv-gf192x Firmware Version < 1.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.51% | 0.391 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
| twcert@cert.org.tw | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html