CVE-2020-29069

{"id": "CVE-2020-29069", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2020-11-25T00:15:10.873", "references": [{"url": "https://github.com/pwnlandia/mhn/issues/799", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/pwnlandia/mhn/issues/799", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "_get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey Network (MHN) through 2020-11-23 allows attackers to cause a denial-of-service via an IP address that is absent from a local geolocation database, because the code tries to uppercase a return value even if that value is not a string."}, {"lang": "es", "value": "La funci\u00f3n _get_flag_ip_localdb en el archivo server/mhn/ui/utils.py en Modern Honey Network (MHN) versiones hasta 23-11-2020, permite a atacantes causar una denegaci\u00f3n de servicio por medio de una direcci\u00f3n IP que est\u00e1 ausente de una base de datos de geolocalizaci\u00f3n local, porque el c\u00f3digo intenta poner en may\u00fasculas un valor de retorno incluso si ese valor no es una cadena"}], "lastModified": "2024-11-21T05:23:37.853", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:modern_honey_network_project:modern_honey_network:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A71459B3-0C69-4675-977A-3A32DC09499A", "versionEndIncluding": "2020-11-23"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}