CVE-2020-29054

Name of the Vulnerable Software and Affected Versions CDATA versions 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, FD8000

Description An issue was discovered that allows attackers to use the "show system infor" command to discover cleartext TELNET credentials. This is related to insufficient protection of registration data, which can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For CDATA versions 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, FD8000, consider restricting access to the "show system infor" command to minimize the risk of exploitation. As a temporary workaround, consider disabling the use of cleartext TELNET credentials until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.