PT-2019-5788 · Cdata · Cdata

Alexandre Torres +2 · Published 2019-12-27 · Updated 2021-03-11 · CVE-2020-29055

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

CDATA versions 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, FD8000

Description

The issue is related to the transmission of secret information in plain text. An attacker can intercept passwords sent in cleartext and conduct man-in-the-middle attacks on the management of the appliance. The appliance can be managed remotely only with HTTP, telnet, and SNMP, and it does not support SSL/TLS for HTTP or SSH.

Recommendations

For CDATA versions 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, FD8000, consider disabling remote management via HTTP, telnet, and SNMP until a patch is available. Restrict access to the appliance's management interface to minimize the risk of exploitation. Avoid using plain text protocols for remote management until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

BDU:2021-02151
CVE-2020-29055

Affected Products

Cdata