PT-2020-17328 · Coscale · Coscale Agent Docker Image

Published

2020-12-15

Updated

2020-12-17

CVE-2020-35462

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CoScale agent Docker image version 3.16.0

Description The issue concerns a blank password for the root user in the CoScale agent Docker image. This could allow a remote attacker to gain root access with a blank password. Systems deployed using affected versions of the CoScale agent container are at risk.

Recommendations For CoScale agent Docker image version 3.16.0, update the root user password to a secure value to prevent unauthorized access. Consider restricting access to the container until the issue is resolved.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2020-35462

Affected Products

Coscale Agent Docker Image

PT-2020-17328 · Coscale · Coscale Agent Docker Image

CVE-2020-35462

Weakness Enumeration

Related Identifiers

Affected Products

References · 4