CVE-2020-10807

low-risk
Published 2020-03-22

auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header.

Do I need to act?

-
0.30% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Mitre

References (8)

Third Party Advisory https://github.com/mitre/caldera/compare/2.6.4...2.6.5
Third Party Advisory https://github.com/mitre/caldera/issues/1405
Patch https://github.com/mitre/caldera/pull/1407
Release Notes https://github.com/mitre/caldera/releases/tag/2.6.5
Third Party Advisory https://github.com/mitre/caldera/compare/2.6.4...2.6.5
Third Party Advisory https://github.com/mitre/caldera/issues/1405
Patch https://github.com/mitre/caldera/pull/1407
Release Notes https://github.com/mitre/caldera/releases/tag/2.6.5
27
/ 100
low-risk
Severity 21/34 · High
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal