CVE-2020-3930 : What You Need to Know
Learn about CVE-2020-3930, an information disclosure vulnerability in GeoVision Door Access Control Device. Find out the impact, affected systems, and mitigation steps.
GeoVision Door Access Control Device - Information disclosure vulnerability
Understanding CVE-2020-3930
GeoVision Door Access Control device family improperly stores and controls access to system logs, allowing any users to read these logs.
What is CVE-2020-3930?
This CVE identifies an information disclosure vulnerability in GeoVision's Door Access Control Device, specifically affecting version GV-GF192x up to version 1.10.
The Impact of CVE-2020-3930
The vulnerability has a CVSS base score of 4 (Medium severity) and could lead to unauthorized access to sensitive system logs, compromising confidentiality.
Technical Details of CVE-2020-3930
Vulnerability Description
The issue arises from the improper storage and control of access to system logs within the GeoVision Door Access Control device family.
Affected Systems and Versions
- Product: Door Access Control Device
- Vendor: GeoVision
- Affected Version: GV-GF192x (<= 1.10)
Exploitation Mechanism
- Attack Complexity: Low
- Attack Vector: Local
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
Mitigation and Prevention
Immediate Steps to Take
- Update the affected device to version 1.22 in GV-GF192x
Long-Term Security Practices
- Regularly review and restrict access to system logs
- Implement proper access controls and encryption mechanisms
Patching and Updates
- Ensure timely installation of security patches and updates provided by GeoVision