Summaryinfo

A vulnerability classified as critical has been found in Nanometrics Centaur and TitanSMA. This affects an unknown part of the component Access Control. The manipulation leads to release of resource. This vulnerability is uniquely identified as CVE-2020-12134. It is possible to initiate the attack remotely. There is no exploit available. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Detailsinfo

A vulnerability was found in Nanometrics Centaur and TitanSMA (the affected version is unknown). It has been rated as critical. Affected by this issue is an unknown code of the component Access Control. The manipulation with an unknown input leads to a release of resource vulnerability. Using CWE to declare the problem leads to CWE-772. The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. Impacted is confidentiality, integrity, and availability. CVE summarizes:

Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log.

The weakness was published 04/24/2020. This vulnerability is handled as CVE-2020-12134 since 04/24/2020. The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1499.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

• Nanometrics

Name

• Centaur
• TitanSMA

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion