Vulnerabilities > CVE-2020-23490 - Unspecified vulnerability in Wwbn Avideo

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

wwbn

NVD

Published: 2020-11-16

Updated: 2021-07-21

Summary

There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server. Which could leak database credentials or other sensitive information such as /etc/passwd file.

Vulnerable Configurations

Part	Description	Count
Application	Wwbn Wwbn Avideo - Wwbn Avideo 2.2 Wwbn Avideo 2.4 Wwbn Avideo 2.7 Wwbn Avideo 3.4 Wwbn Avideo 3.4.1 Wwbn Avideo 4.0 Wwbn Avideo 4.0.1 Wwbn Avideo 4.0.2 Wwbn Avideo 5.0 Wwbn Avideo 6.5 Wwbn Avideo 7.2 Wwbn Avideo 7.3 Wwbn Avideo 7.4 Wwbn Avideo 7.5 Wwbn Avideo 7.6 Wwbn Avideo 7.7 Wwbn Avideo 7.8 Wwbn Avideo 8.1 Wwbn Avideo 8.5 Wwbn Avideo 8.6 Wwbn Avideo 8.7	22

Summary

Vulnerable Configurations

References