Vulnerability CVE-2020-15953

Vulnerability Name:

CVE-2020-15953 (CCN-185828)

Assigned:

2020-06-18

Published:

2020-06-18

Updated:

2023-01-20

Summary:

CVSS v3 Severity:

7.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

4.9 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2020-15953

Source: cve@mitre.org
Type: Broken Link
cve@mitre.org

Source: cve@mitre.org
Type: Broken Link
cve@mitre.org

Source: XF
Type: UNKNOWN
libetpan-cve202015953-mitm(185828)

Source: CCN
Type: LibEtPan GIT Repository
Buffering issues with STARTTLS in IMAP #386

Source: cve@mitre.org
Type: Exploit, Patch, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:libetpan_project:libetpan:1.9.4:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:202015953	V	CVE-2020-15953	2022-06-30
oval:org.opensuse.security:def:112624	P	libetpan-devel-1.9.4-1.7 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:64821	P	Security update for python-pip (Moderate)	2021-12-13
oval:org.opensuse.security:def:64612	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:64611	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:106106	P	libetpan-devel-1.9.4-1.7 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:63096	P	libopenssl-1_0_0-devel-1.0.2p-3.37.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:64719	P	Security update for wireshark (Important)	2021-06-22
oval:org.opensuse.security:def:63064	P	ntp-4.2.8p11-2.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:63068	P	reiserfs-kmp-default-4.12.14-23.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:63071	P	java-1_8_0-ibm-1.8.0_sr5.30-3.16.2 on GA media (Moderate)	2021-04-29
oval:org.opensuse.security:def:64475	P	Security update for open-iscsi (Important)	2021-01-14
oval:org.opensuse.security:def:63274	P	libfreebl3-hmac-3.47.1-3.37.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63567	P	argyllcms-1.9.2-2.27 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63770	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.opensuse.security:def:75066	P	Security update for libetpan (Moderate)	2020-12-01
oval:org.opensuse.security:def:64879	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:63917	P	Security update for shibboleth-sp (Moderate)	2020-12-01
oval:org.opensuse.security:def:64991	P	Security update for xrdp (Important)	2020-12-01
oval:org.opensuse.security:def:64146	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:74933	P	Security update for rmt-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:109710	P	Security update for libetpan (Moderate)	2020-09-22
oval:org.opensuse.security:def:96363	P	Security update for libetpan (Moderate)	2020-09-22
oval:org.opensuse.security:def:103053	P	Security update for libetpan (Moderate)	2020-09-22
oval:org.opensuse.security:def:110761	P	Security update for libetpan (Moderate)	2020-09-19

BACK