Main Vulnerability Database Vulnerabilities #VU26512

#VU26512 Improper Authentication in UltraLog Express - CVE-2020-3920

Published: April 1, 2020

Vulnerability identifier: #VU26512

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-3920

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
UltraLog Express

Software vendor:
Unisoon

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. A remote authenticated attacker can bypass authentication process and gain unauthorized access the privileged page to manage accounts through specific system directory.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.twcert.org.tw/tw/cp-132-3452-937d6-1.html

#VU26512 Improper Authentication in UltraLog Express - CVE-2020-3920

Description

Remediation

External links

Please verify you're human