Total
101 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-11334 | 1 Tzumi | 3 Klic Lock, Klic Smart Padlock Model 5686, Klic Smart Padlock Model 5686 Firmware | 2020-08-24 | 4.3 MEDIUM | 3.7 LOW |
An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authentication) via capture-replay. Physically proximate attackers can use this information to unlock unauthorized Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2. | |||||
CVE-2019-9158 | 1 Gemalto | 1 Ezio Ds3 Server | 2020-08-24 | 2.7 LOW | 5.7 MEDIUM |
Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control. | |||||
CVE-2019-5307 | 1 Huawei | 4 P30, P30 Firmware, P30 Pro and 1 more | 2020-08-24 | 4.3 MEDIUM | 4.2 MEDIUM |
Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107) | |||||
CVE-2019-3915 | 1 Verizon | 2 Fios Quantum Gateway G1100, Fios Quantum Gateway G1100 Firmware | 2020-08-24 | 5.4 MEDIUM | 7.5 HIGH |
Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface. | |||||
CVE-2018-17176 | 1 Neatorobotics | 6 Botvac D4 Connected, Botvac D4 Connected Firmware, Botvac D6 Connected and 3 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all. | |||||
CVE-2020-4042 | 1 Bareos | 1 Bareos | 2020-07-15 | 4.3 MEDIUM | 6.8 MEDIUM |
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8. | |||||
CVE-2020-10045 | 1 Siemens | 6 Sicam Mmu, Sicam Mmu Firmware, Sicam Sgu and 3 more | 2020-07-15 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An error in the challenge-response procedure could allow an attacker to replay authentication traffic and gain access to protected areas of the web application. | |||||
CVE-2020-9438 | 1 Tinxy | 2 Smart Wifi Door Lock, Smart Wifi Door Lock Firmware | 2020-07-01 | 4.3 MEDIUM | 5.9 MEDIUM |
Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. In other words, door-access revocation is mishandled. | |||||
CVE-2002-0054 | 1 Microsoft | 2 Exchange Server, Windows 2000 | 2020-04-09 | 7.5 HIGH | N/A |
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials. | |||||
CVE-2020-5300 | 1 Ory | 1 Hydra | 2020-04-07 | 3.5 LOW | 5.3 MEDIUM |
In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties". Hydra does not check the uniqueness of this `jti` value. Exploiting this vulnerability is somewhat difficult because: - TLS protects against MITM which makes it difficult to intercept valid tokens for replay attacks - The expiry time of the JWT gives only a short window of opportunity where it could be replayed This has been patched in version v1.4.0+oryOS.17 | |||||
CVE-2020-6972 | 1 Honeywell | 1 Notifier Webserver | 2020-03-27 | 6.4 MEDIUM | 9.1 CRITICAL |
In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser. | |||||
CVE-2020-10185 | 1 Yubico | 1 Yubikey One Time Password Validation Server | 2020-03-12 | 6.8 MEDIUM | 8.6 HIGH |
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud. | |||||
CVE-2013-1351 | 1 Veraxsystems | 1 Network Management System | 2020-02-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password. | |||||
CVE-2019-13533 | 1 Omron | 2 Plc Cj Firmware, Plc Cs Firmware | 2020-01-02 | 6.8 MEDIUM | 8.1 HIGH |
In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves. | |||||
CVE-2019-12393 | 1 Anviz | 1 Management System | 2019-12-12 | 5.0 MEDIUM | 7.5 HIGH |
Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests. | |||||
CVE-2018-7356 | 1 Zte | 2 Zxr10 8905e, Zxr10 8905e Firmware | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections. | |||||
CVE-2018-15498 | 1 Ysoft | 2 Safeq Server, Safeq Server Client | 2019-10-02 | 6.8 MEDIUM | 8.1 HIGH |
YSoft SafeQ Server 6 allows a replay attack. | |||||
CVE-2018-13789 | 1 Descor | 1 Infocad Fm | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers. | |||||
CVE-2017-6823 | 1 Fiyo | 1 Fiyo Cms | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. | |||||
CVE-2017-11786 | 1 Microsoft | 2 Lync, Skype For Business | 2019-10-02 | 9.3 HIGH | 8.8 HIGH |
Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability." |