CVE-2020-3930 : GeoVision Door Access Control device family improperly stores and controls acces

GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs.

Published 2020-06-12 09:15:10

Updated 2020-07-23 20:02:29

Source TWCERT/CC

View at NVD, CVE.org

Products affected by CVE-2020-3930

Geovision » Gv-gf192x Firmware » Version: 1.10
cpe:2.3:o:geovision:gv-gf192x_firmware:1.10:*:*:*:*:*:*:*
Matching versions
When used together with: Geovision » Gv-gf192x » Version: N/A

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 13 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	1.8	1.4	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
4.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	2.5	1.4	TWCERT/CC
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

Assigned by: nvd@nist.gov (Primary)

https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html

TWCERT/CC台灣電腦網路危機處理暨協調中心-資安服務-台灣漏洞揭露平台 (TVN)-TVN (Taiwan Vulnerability Note) 漏洞公告-GeoVision 門禁控制設備 - Information disclosure vulnerability
Third Party Advisory

Jump to