Synchronous Access of Remote Resource without Timeout

CVE-2020-14483

Medium

4.3/10

Summary

A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: LOW

CWE-1088 - Synchronous Access of Remote Resource without Timeout

The code has a synchronous call to a remote resource, but there is no timeout for the call, or the timeout is set to infinite.

References

Advisory Timeline

Published Aug 13, 2020

Synchronous Access of Remote Resource without Timeout

CVE-2020-14483

Summary

CWE-1088 - Synchronous Access of Remote Resource without Timeout

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS