PT-2020-17805 · Geovision · Geovision Door Access Control

Published

2020-06-12

Updated

2020-06-18

CVE-2020-3929

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions GeoVision Door Access Control device family (affected versions not specified)

Description The issue concerns the use of shared cryptographic private keys for SSH and HTTPS in the GeoVision Door Access Control device family. This allows attackers to conduct man-in-the-middle (MITM) attacks using the derived keys, enabling them to recover plaintext from encrypted messages.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-326

Related Identifiers

CVE-2020-3929

Affected Products

Geovision Door Access Control

PT-2020-17805 · Geovision · Geovision Door Access Control

CVE-2020-3929

Weakness Enumeration

Related Identifiers

Affected Products

References · 4