GSD-2020-17483

Vulnerability from gsd - Updated: 2023-12-13 01:21
Details
An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed.
Aliases
Aliases
CVE-2020-17483
To clipboard 

{
  "GSD": {
    "alias": "CVE-2020-17483",
    "id": "GSD-2020-17483"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-17483"
      ],
      "details": "An improper access control vulnerability exists in Uffizio\u0027s GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed.",
      "id": "GSD-2020-17483",
      "modified": "2023-12-13T01:21:50.178807Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-17483",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An improper access control vulnerability exists in Uffizio\u0027s GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.uffizio.com/",
            "refsource": "MISC",
            "url": "https://www.uffizio.com/"
          },
          {
            "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02",
            "refsource": "MISC",
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:uffizio:gps_tracker:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6B7119D7-17A7-46D4-A5D0-FE622C3F6AC4",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "An improper access control vulnerability exists in Uffizio\u0027s GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed."
          },
          {
            "lang": "es",
            "value": "Existe una vulnerabilidad de control de acceso inadecuado en todas las versiones del GPS Tracker de Uffizio que conduce a la divulgaci\u00f3n de informaci\u00f3n confidencial de todos los dispositivos conectados. Al visitar el host vulnerable en el puerto 9000, vemos que responde con un cuerpo JSON que tiene todos los detalles sobre los dispositivos que se han implementado."
          }
        ],
        "id": "CVE-2020-17483",
        "lastModified": "2023-12-20T16:39:34.913",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-12-16T01:15:07.200",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory",
              "US Government Resource"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Product"
            ],
            "url": "https://www.uffizio.com/"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.