CVE-2020-17483

{"id": "CVE-2020-17483", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-16T01:15:07.200", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://www.uffizio.com/", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed."}, {"lang": "es", "value": "Existe una vulnerabilidad de control de acceso inadecuado en todas las versiones del GPS Tracker de Uffizio que conduce a la divulgaci\u00f3n de informaci\u00f3n confidencial de todos los dispositivos conectados. Al visitar el host vulnerable en el puerto 9000, vemos que responde con un cuerpo JSON que tiene todos los detalles sobre los dispositivos que se han implementado."}], "lastModified": "2023-12-20T16:39:34.913", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:uffizio:gps_tracker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B7119D7-17A7-46D4-A5D0-FE622C3F6AC4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}