CVE-2020-5723

Critical

The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve…

tenable·CWE-312·Published 2020-03-30

CVSS

9.8

EPSS

0.06

KEV

Exploits

cve.orgen

189 chars

The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.

NVDen

189 chars

The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.

NVDes

235 chars

La serie UCM6200 versiones 1.0.20.22 y por debajo, almacena contraseñas de usuario sin cifrar en una base de datos SQLite. Esto podría permitir a un atacante recuperar todas las contraseñas y posiblemente alcanzar privilegios elevados.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H