CVE-2021-20119high
Description
The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password.
References
Details
Source: MITRE
Published: 2021-11-09
Updated: 2021-11-15
Type: CWE-863
Risk Information
CVSS v2
Base Score: 4.9
Vector: AV:A/AC:M/Au:S/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 4.4
Severity: MEDIUM
CVSS v3
Base Score: 7.1
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.2
Severity: HIGH