CVE-2020-36528

A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the affected component.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://seclists.org/fulldisclosure/2020/Oct/4	Exploit Mailing List Third Party Advisory
https://vuldb.com/?id.162264	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2020/Oct/4	Exploit Mailing List Third Party Advisory
https://vuldb.com/?id.162264	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:platinumchina:platinum_mobile:1.0.4.850:*:*:*:*:*:*:*

History

21 Nov 2024, 05:29

Type	Values Removed	Values Added
References	~~() http://seclists.org/fulldisclosure/2020/Oct/4 - Exploit, Mailing List, Third Party Advisory~~	() http://seclists.org/fulldisclosure/2020/Oct/4 - Exploit, Mailing List, Third Party Advisory
References	~~() https://vuldb.com/?id.162264 - Third Party Advisory, VDB Entry~~	() https://vuldb.com/?id.162264 - Third Party Advisory, VDB Entry
CVSS	v2 : ~~4.0~~ v3 : ~~6.5~~	v2 : 4.0 v3 : 5.5

Information

Published : 2022-06-07 18:15

Updated : 2024-11-21 05:29

NVD link : CVE-2020-36528

Mitre link : CVE-2020-36528

CVE.ORG link : CVE-2020-36528

JSON object : View

Products Affected

platinumchina

platinum_mobile

CWE

CWE-264

Permissions, Privileges, and Access Controls

CWE-287

Improper Authentication

{"id": "CVE-2020-36528", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-06-07T18:15:10.647", "references": [{"url": "http://seclists.org/fulldisclosure/2020/Oct/4", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.162264", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "http://seclists.org/fulldisclosure/2020/Oct/4", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?id.162264", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-264"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad, clasificada como cr\u00edtica, en Platinum Mobile versi\u00f3n 1.0.4.850. La vulnerabilidad afecta a el archivo/MobileHandler.ashx, lo que conlleva a una ruptura del control de acceso. El ataque requiere autenticaci\u00f3n. La actualizaci\u00f3n a versi\u00f3n 1.0.4.851 puede abordar este problema. Es recomendado actualizar el componente afectado"}], "lastModified": "2024-11-21T05:29:45.877", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:platinumchina:platinum_mobile:1.0.4.850:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB169AF7-32C4-4886-975C-B9F3B18C46AC"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}