CVE Vulnerabilities

CVE-2020-12493

Published: May 29, 2020 | Modified: Nov 04, 2021

CVSS 3.x

CRITICAL

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS 2.x

10 HIGH

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-12493
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4… grants root access to the device without access control via network. A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices.

Affected Software

Name	Vendor	Start Version	End Version
Cpu_ls4000_firmware	Swarco	g4 (including)	g4 (including)

References

https://cert.vde.com/de-de/advisories/vde-2020-016

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.