CVE-2020-29069 — MEDIUM (5.5)

Q: How severe is CVE-2020-29069?

CVE-2020-29069 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-29069?

Check the references section above for vendor advisories and patch information. Affected products include: Modern Honey Network Project Modern Honey Network.

Vulnerability Description

_get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey Network (MHN) through 2020-11-23 allows attackers to cause a denial-of-service via an IP address that is absent from a local geolocation database, because the code tries to uppercase a return value even if that value is not a string.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Modern Honey Network Project	Modern Honey Network	<= 2020-11-23

References

https://github.com/pwnlandia/mhn/issues/799ExploitThird Party Advisory
https://github.com/pwnlandia/mhn/issues/799ExploitThird Party Advisory

FAQ

What is CVE-2020-29069?

CVE-2020-29069 is a vulnerability with a CVSS score of 5.5 (MEDIUM). _get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey Network (MHN) through 2020-11-23 allows attackers to cause a denial-of-service via an IP address that is absent from a local geolocation ...

How severe is CVE-2020-29069?

CVE-2020-29069 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-29069?

Check the references section above for vendor advisories and patch information. Affected products include: Modern Honey Network Project Modern Honey Network.