Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2020-16134

Published: Aug 04, 2020 | Modified: Jul 21, 2021
CVSS 3.x
8
HIGH
Source:
NVD
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.7 HIGH
AV:A/AC:L/Au:S/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2020-16134
CWEhttps://cwe.mitre.org/data/definitions/.html

An issue was discovered on Swisscom Internet Box 2, Internet Box Standard, Internet Box Plus prior to 10.04.38, Internet Box 3 prior to 11.01.20, and Internet Box light prior to 08.06.06. Given the (user-configurable) credentials for the local Web interface or physical access to a devices plus or reset button, an attacker can create a user with elevated privileges on the Sysbus-API. This can then be used to modify local or remote SSH access, thus allowing a login session as the superuser.

Affected Software

Name Vendor Start Version End Version
Internet-box_2_firmware Swisscom * 10.04.38 (excluding)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use