Improper Resource Shutdown or Release

CVE-2020-16100

High

7.5/10

Summary

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-404 - Improper Resource Shutdown or Release

The program does not release or incorrectly releases a resource before it is made available for re-use.

References

Advisory Timeline

Published Sep 15, 2020

Improper Resource Shutdown or Release

CVE-2020-16100

Summary

CWE-404 - Improper Resource Shutdown or Release

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS