CVE-2020-5812 - Vulnerability Details - OpenCVE

Description

Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.

Published: 2021-02-05

Score: 5.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Tenable Nessus AMI

affected

Version	Status	Constraints
`8.12.0 and earlier`	affected	—

Configuration 1 [-]

cpe:2.3:o:tenable:nessus_amazon_machine_image:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2020-26967	Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00107.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.tenable.com/security/tns-2021-01

History

No history.

Subscriptions

Tenable Nessus Amazon Machine Image

MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2021-02-05T23:44:56.000Z

Updated: 2024-08-04T08:39:25.841Z

Reserved: 2020-01-06T00:00:00.000Z

Link: CVE-2020-5812

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-02-06T00:15:12.687

Modified: 2024-11-21T05:34:38.547

Link: CVE-2020-5812

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-295

{"containers": {"cna": {"affected": [{"product": "Tenable Nessus AMI", "vendor": "n/a", "versions": [{"status": "affected", "version": "8.12.0 and earlier"}]}], "descriptions": [{"lang": "en", "value": "Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack."}], "problemTypes": [{"descriptions": [{"description": "Improper Certificate Validation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-05T23:44:56.000Z", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/tns-2021-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2020-5812", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Tenable Nessus AMI", "version": {"version_data": [{"version_value": "8.12.0 and earlier"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Certificate Validation"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/tns-2021-01", "refsource": "MISC", "url": "https://www.tenable.com/security/tns-2021-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:39:25.841Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/tns-2021-01"}]}]}, "cveMetadata": {"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2020-5812", "datePublished": "2021-02-05T23:44:56.000Z", "dateReserved": "2020-01-06T00:00:00.000Z", "dateUpdated": "2024-08-04T08:39:25.841Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenable:nessus_amazon_machine_image:*:*:*:*:*:*:*:*", "matchCriteriaId": "48DBF1C8-9734-40FB-938D-299B3C33B727", "versionEndIncluding": "8.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack."}, {"lang": "es", "value": "Se encontr\u00f3 que Nessus AMI versiones 8.12.0 y anteriores, no comprueba, o comprueba incorrectamente, un certificado, lo que pod\u00eda permitir a un atacante suplantar a una entidad confiable mediante el uso de un ataque de tipo man-in-the-middle (MITM)"}], "id": "CVE-2020-5812", "lastModified": "2024-11-21T05:34:38.547", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-06T00:15:12.687", "references": [{"source": "vulnreport@tenable.com", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2021-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2021-01"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}