Vulnerability Description
Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pyres | Termod4 Firmware | < 10.04k |
| Pyres | Termod4 | - |
Related Weaknesses (CWE)
References
- https://github.com/Outpost24/Pyrescom-Termod-PoC (Exploit, Third Party Advisory)
- https://outpost24.com/blog/multiple-vulnerabilities-discovered-in-Pyrescom-Termo (Exploit, Third Party Advisory)
- https://pyres.com/en/solutions/termod-4/ (Product, Vendor Advisory)
FAQ
What is CVE-2020-23162?
CVE-2020-23162 is a vulnerability with a CVSS score of 7.5 (HIGH). Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials.
How severe is CVE-2020-23162?
CVE-2020-23162 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-23162?
Check the references section above for vendor advisories and patch information. Affected products include: Pyres Termod4 Firmware, Pyres Termod4.