CVE Vulnerabilities

CVE-2020-29054

Insufficiently Protected Credentials

Published: Nov 24, 2020 | Modified: Nov 21, 2024
CVSS 3.x: 9.8 CRITICAL (Source: NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can use "show system infor" to discover cleartext TELNET credentials.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| 72408a_firmware | Cdatatec | 1.2.2 (including) | 1.2.2 (including) |
| 72408a_firmware | Cdatatec | 2.4.03_000 (including) | 2.4.03_000 (including) |
| 72408a_firmware | Cdatatec | 2.4.04_001 (including) | 2.4.04_001 (including) |
| 72408a_firmware | Cdatatec | 2.4.05_000 (including) | 2.4.05_000 (including) |
