CVE-2020-25845 (GCVE-0-2020-25845)
Vulnerability from cvelistv5 – Published: 2020-12-31 07:45 – Updated: 2024-09-16 18:08
VLAI?
Title
CHANGING Inc. NHIServiSignAdapter Windows Versions - Information Leakage -1
Summary
Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.
Severity ?
7.5 (High)
CWE
- Information Leakage
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CHANGING Inc. | NHIServiSignAdapter |
Affected:
1.0.20.0218
|
Date Public ?
2020-12-31 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4273-24e01-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "NHIServiSignAdapter",
"vendor": "CHANGING Inc.",
"versions": [
{
"status": "affected",
"version": "1.0.20.0218"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "DEVCORE"
}
],
"datePublic": "2020-12-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple functions of NHIServiSignAdapter failed to verify the users\u2019 file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user\u0027s credential."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T07:45:47.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4273-24e01-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 1.0.20.1109"
}
],
"source": {
"advisory": "TVN-202012004",
"discovery": "EXTERNAL"
},
"title": "CHANGING Inc. NHIServiSignAdapter Windows Versions - Information Leakage -1",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-12-31T07:21:00.000Z",
"ID": "CVE-2020-25845",
"STATE": "PUBLIC",
"TITLE": "CHANGING Inc. NHIServiSignAdapter Windows Versions - Information Leakage -1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NHIServiSignAdapter",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "=",
"version_value": "1.0.20.0218"
}
]
}
}
]
},
"vendor_name": "CHANGING Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "DEVCORE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple functions of NHIServiSignAdapter failed to verify the users\u2019 file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user\u0027s credential."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4273-24e01-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4273-24e01-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 1.0.20.1109"
}
],
"source": {
"advisory": "TVN-202012004",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-25845",
"datePublished": "2020-12-31T07:45:47.467Z",
"dateReserved": "2020-09-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:08:11.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-25845",
"date": "2026-05-08",
"epss": "0.0028",
"percentile": "0.51316"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:panorama_project:nhiservisignadapter:1.0.20.0218:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"8CA254A8-7D44-440A-9FCA-02C36E32143F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple functions of NHIServiSignAdapter failed to verify the users\\u2019 file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user\u0027s credential.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples funciones de NHIServiSignAdapter no pudieron verificar la ruta de archivo de los usuarios, lo que conlleva que la petici\\u00f3n SMB sea redireccionada hacia un host malicioso, resultando en el filtrado de la credencial del usuario.\"}]",
"id": "CVE-2020-25845",
"lastModified": "2024-11-21T05:18:53.497",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"twcert@cert.org.tw\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2020-12-31T08:15:13.317",
"references": "[{\"url\": \"https://www.twcert.org.tw/tw/cp-132-4273-24e01-1.html\", \"source\": \"twcert@cert.org.tw\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.twcert.org.tw/tw/cp-132-4273-24e01-1.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-601\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-25845\",\"sourceIdentifier\":\"twcert@cert.org.tw\",\"published\":\"2020-12-31T08:15:13.317\",\"lastModified\":\"2024-11-21T05:18:53.497\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple functions of NHIServiSignAdapter failed to verify the users\u2019 file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user\u0027s credential.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples funciones de NHIServiSignAdapter no pudieron verificar la ruta de archivo de los usuarios, lo que conlleva que la petici\u00f3n SMB sea redireccionada hacia un host malicioso, resultando en el filtrado de la credencial del usuario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:panorama_project:nhiservisignadapter:1.0.20.0218:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"8CA254A8-7D44-440A-9FCA-02C36E32143F\"}]}]}],\"references\":[{\"url\":\"https://www.twcert.org.tw/tw/cp-132-4273-24e01-1.html\",\"source\":\"twcert@cert.org.tw\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.twcert.org.tw/tw/cp-132-4273-24e01-1.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…