CVE-2020-12134 | Maximal damage | CVSSv3 score: 9.8 | Very easy to exploit
Published: Fri Apr 24 01:15:00 2020 UTC. Last Modified: Wed May 6 17:21:00 2020 UTC
CPE matches: cpe:2.3:a:nanometrics:titansma:*:*:*:*:*:*:*:* && versionEndIncluding=4.2.20
Description
Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log.
Damage
- Complete loss of protection.
- Access to all information.
- Full Denial Of Service (DoS).
Attack conditions
- The attack can be carried out remotely over the network by anyone (requires no authentication).
- No user interaction is required.
- The attack is estimated to have a high success rate, once attempted.
Damage and attack conditions obtained from CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (CVSSv3)
Type of bug(s)
- CWE-772, Missing Release of Resource after Effective Lifetime: The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.