CVE-2020-28331
HIGH
7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none
MEDIUM
5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: partial
Availability: none
Description
AI Translation Available
Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0052
Percentile
0,7th
Updated
EPSS Score Trend (Last 90 Days)
Operating System
Wepresent Wipg-1600W Firmware by Barco
CPE Identifier
View Detailed Analysis
cpe:2.3:o:barco:wepresent_wipg-1600w_firmware:2.5.1.8:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://packetstormsecurity.com/files/160162/Barco-wePresent-Undocumented-SSH-In…
https://korelogic.com/Resources/Advisories/KL-001-2020-007.txt
http://packetstormsecurity.com/files/160162/Barco-wePresent-Undocumented-SSH-In…
https://korelogic.com/Resources/Advisories/KL-001-2020-007.txt