Vulnerability Details : CVE-2020-5723
Public exploit exists!
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.
Products affected by CVE-2020-5723
- cpe:2.3:o:grandstream:ucm6204_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:grandstream:ucm6202_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:grandstream:ucm6208_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-5723
- EPSS score: 1.22% (probability of exploitation activity in the next 30 days)
- Percentile: ~85% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2020-5723
- Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump
  Disclosure Date: 2020-03-30
  First seen: 2022-12-23
  Module: auxiliary/gather/grandstream_ucm62xx_sql_account_guess
  This module uses a blind SQL injection (CVE-2020-5724) affecting the Grandstream UCM62xx IP PBX to dump the users table. The injection occurs over a websocket at the websockify endpoint, and specifically occurs when the user requests the challenge (as part of a
CVSS scores for CVE-2020-5723
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2020-5723
- The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
  Assigned by:
  - nvd@nist.gov (Primary)
  - vulnreport@tenable.com (Secondary)
References for CVE-2020-5723
- https://www.tenable.com/security/research/tra-2020-17
  Grandstream UCM62xx Multiple SQL Injections - Research Advisory | Tenable® (Exploit; Third Party Advisory)