CVE-2020-13473
Vulnerability Scoring
5.5
/10
Attack Complexity Details
- Attack Complexity: Low Impact
- Attack Vector: LOCAL
- Privileges Required: Low Impact
- Scope: UNCHANGED
- User Interaction: NONE
CIA Impact Definition
- Confidentiality: HIGH IMPACT
- Integrity:
- Availability:
CVE-2020-13473 Vulnerability Summary
NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file.
Access Complexity Graph for CVE-2020-13473
Impact Analysis for CVE-2020-13473
CVE-2020-13473: Detailed Information and External References
EPSS
0.00046
EPSS %
0.19472
References
0.00046
- https://cvewalkthrough.com/cve-2020-13473-nch-account-clear-text-password-storage/
- https://tejaspingulkar.blogspot.com/2020/12/cve-2020-13473-nch-account-clear-text.html
CWE
CWE-312
CAPEC
0.00046
- Retrieve Embedded Sensitive Data: An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.
Vulnerable Configurations
-
cpe:2.3:a:nchsoftware:express_accounts:-:*:*:*:*:*:*:*
cpe:2.3:a:nchsoftware:express_accounts:-:*:*:*:*:*:*:*
-
cpe:2.3:a:nchsoftware:express_accounts:8.24:*:*:*:*:*:*:*
cpe:2.3:a:nchsoftware:express_accounts:8.24:*:*:*:*:*:*:*
CVSS3 Source
nvd@nist.gov
CVSS3 Type
Primary
CVSS3 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Protect Your Infrastructure: Combat Critical CVE Threats
Stay updated with real-time CVE vulnerabilities and take action to secure your systems. Enhance your cybersecurity posture with the latest threat intelligence and mitigation techniques. Develop the skills necessary to defend against CVEs and secure critical infrastructures. Join the top cybersecurity professionals safeguarding today's infrastructures.