CVE-2020-17483

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

A

n improper access control vulnerability exists in Uffizio's GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed.

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02	Third Party Advisory US Government Resource
https://www.uffizio.com/	Product
https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02	Third Party Advisory US Government Resource
https://www.uffizio.com/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:uffizio:gps_tracker:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:08

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02 - Third Party Advisory, US Government Resource~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02 - Third Party Advisory, US Government Resource
References	~~() https://www.uffizio.com/ - Product~~	() https://www.uffizio.com/ - Product

Information

Published : 2023-12-16 01:15

Updated : 2024-11-21 05:08

NVD link : CVE-2020-17483

Mitre link : CVE-2020-17483

CVE.ORG link : CVE-2020-17483

JSON object : View

Products Affected

gps_tracker

CWE

NVD-CWE-noinfo

{"id": "CVE-2020-17483", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-16T01:15:07.200", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "[email protected]"}, {"url": "https://www.uffizio.com/", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.uffizio.com/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed."}, {"lang": "es", "value": "Existe una vulnerabilidad de control de acceso inadecuado en todas las versiones del GPS Tracker de Uffizio que conduce a la divulgaci\u00f3n de informaci\u00f3n confidencial de todos los dispositivos conectados. Al visitar el host vulnerable en el puerto 9000, vemos que responde con un cuerpo JSON que tiene todos los detalles sobre los dispositivos que se han implementado."}], "lastModified": "2024-11-21T05:08:12.387", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:uffizio:gps_tracker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B7119D7-17A7-46D4-A5D0-FE622C3F6AC4"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}