Vulnerability details: VCID-ew94-7ct2-aaag
Vulnerability ID VCID-ew94-7ct2-aaag
Aliases CVE-2020-9283
GHSA-ffhg-7mh4-33c4
Summary golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Weaknesses (2)
System Score Found at
cvssv3.1 7.5 http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html
generic_textual HIGH http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html
rhas Moderate https://access.redhat.com/errata/RHSA-2020:2412
rhas Moderate https://access.redhat.com/errata/RHSA-2020:2413
rhas Low https://access.redhat.com/errata/RHSA-2020:2790
rhas Low https://access.redhat.com/errata/RHSA-2020:2793
rhas Low https://access.redhat.com/errata/RHSA-2020:2878
rhas Low https://access.redhat.com/errata/RHSA-2020:3078
rhas Moderate https://access.redhat.com/errata/RHSA-2020:3369
rhas Low https://access.redhat.com/errata/RHSA-2020:3414
rhas Moderate https://access.redhat.com/errata/RHSA-2020:3809
rhas Low https://access.redhat.com/errata/RHSA-2020:4264
rhas Moderate https://access.redhat.com/errata/RHSA-2020:4298
rhas Moderate https://access.redhat.com/errata/RHSA-2021:0799
rhas Moderate https://access.redhat.com/errata/RHSA-2021:1129
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9283.json
epss 0.09062 https://api.first.org/data/v1/epss?cve=CVE-2020-9283
epss 0.13749 https://api.first.org/data/v1/epss?cve=CVE-2020-9283
epss 0.14605 https://api.first.org/data/v1/epss?cve=CVE-2020-9283
epss 0.19862 https://api.first.org/data/v1/epss?cve=CVE-2020-9283
epss 0.24925 https://api.first.org/data/v1/epss?cve=CVE-2020-9283
epss 0.26317 https://api.first.org/data/v1/epss?cve=CVE-2020-9283
cvssv3.1 7.5 https://github.com/golang/crypto
generic_textual HIGH https://github.com/golang/crypto
cvssv3.1 7.5 https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
generic_textual HIGH https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
cvssv3.1 7.5 https://go.dev/cl/220357
generic_textual HIGH https://go.dev/cl/220357
cvssv3.1 7.5 https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236
generic_textual HIGH https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236
cvssv3.1 7.5 https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
generic_textual HIGH https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
cvssv3.1 7.5 https://groups.google.com/g/golang-announce/c/3L45YRc91SY
generic_textual HIGH https://groups.google.com/g/golang-announce/c/3L45YRc91SY
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html
cvssv3.1 5.9 https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2020-9283
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-9283
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-9283
cvssv3.1 7.5 https://pkg.go.dev/vuln/GO-2020-0012
generic_textual HIGH https://pkg.go.dev/vuln/GO-2020-0012
cvssv3.1 7.5 https://www.exploit-db.com/exploits/48121
generic_textual HIGH https://www.exploit-db.com/exploits/48121
Reference id Reference type URL
http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9283.json
https://api.first.org/data/v1/epss?cve=CVE-2020-9283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283
https://github.com/golang/crypto
https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
https://go.dev/cl/220357
https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236
https://groups.google.com/forum/#%21topic/golang-announce/3L45YRc91SY
https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
https://groups.google.com/g/golang-announce/c/3L45YRc91SY
https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html
https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html
https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
https://pkg.go.dev/vuln/GO-2020-0012
https://www.exploit-db.com/exploits/48121
952462 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952462
cpe:2.3:a:golang:package_ssh:0.0.0-20200220183623-bac4c82f6975:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:package_ssh:0.0.0-20200220183623-bac4c82f6975:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2020-9283 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/48121.py
CVE-2020-9283 https://nvd.nist.gov/vuln/detail/CVE-2020-9283
RHBA-2020:3180 https://bugzilla.redhat.com/show_bug.cgi?id=1804533
RHSA-2020:2412 https://access.redhat.com/errata/RHSA-2020:2412
RHSA-2020:2413 https://access.redhat.com/errata/RHSA-2020:2413
RHSA-2020:2789 https://access.redhat.com/errata/RHSA-2020:2789
RHSA-2020:2790 https://access.redhat.com/errata/RHSA-2020:2790
RHSA-2020:2793 https://access.redhat.com/errata/RHSA-2020:2793
RHSA-2020:2878 https://access.redhat.com/errata/RHSA-2020:2878
RHSA-2020:3078 https://access.redhat.com/errata/RHSA-2020:3078
RHSA-2020:3369 https://access.redhat.com/errata/RHSA-2020:3369
RHSA-2020:3370 https://access.redhat.com/errata/RHSA-2020:3370
RHSA-2020:3372 https://access.redhat.com/errata/RHSA-2020:3372
RHSA-2020:3414 https://access.redhat.com/errata/RHSA-2020:3414
RHSA-2020:3809 https://access.redhat.com/errata/RHSA-2020:3809
RHSA-2020:4264 https://access.redhat.com/errata/RHSA-2020:4264
RHSA-2020:4298 https://access.redhat.com/errata/RHSA-2020:4298
RHSA-2021:0799 https://access.redhat.com/errata/RHSA-2021:0799
RHSA-2021:1129 https://access.redhat.com/errata/RHSA-2021:1129
Data source Exploit-DB
Date added Feb. 24, 2020
Description Go SSH servers 0.0.2 - Denial of Service (PoC)
Ransomware campaign use Unknown
Source publication date Feb. 24, 2020
Exploit type dos
Platform linux
Source update date Feb. 24, 2020
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9283.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/golang/crypto
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://go.dev/cl/220357
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/g/golang-announce/c/3L45YRc91SY
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2023/06/msg00017.html
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2020-9283
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-9283
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://pkg.go.dev/vuln/GO-2020-0012
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.exploit-db.com/exploits/48121
Exploit Prediction Scoring System (EPSS)
Percentile 0.91864
EPSS Score 0.09062
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.