CVE-2020-9345

{"id": "CVE-2020-9345", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-03-20T03:15:13.827", "references": [{"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-052.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-052.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn't limit the number of opened WebSocket sockets. If a victim visits an attacker-controlled website, this vulnerability can be exploited."}, {"lang": "es", "value": "Se detect\u00f3 un problema en signotec signoPAD-API/Web (anteriormente Websocket Pad Server) versiones anteriores a 3.1.1 en Windows. Es posible llevar a cabo un ataque de denegaci\u00f3n de servicio porque la aplicaci\u00f3n no limita el numero de sockets abiertos de WebSocket. Si una v\u00edctima visita un sitio web controlado por el atacante, esta vulnerabilidad puede ser explotada."}], "lastModified": "2024-11-21T05:40:27.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:signotec:signopad-api\\/web:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB1B817D-F4D5-4413-BFC0-A4758384A68B", "versionEndExcluding": "3.1.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}