Improper Resource Shutdown or Release

CVE-2020-16100

Medium

5/10

Summary

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: NONE
Availability Impact: PARTIAL

CWE-404 - Improper Resource Shutdown or Release

The program does not release or incorrectly releases a resource before it is made available for re-use.

References

Advisory Timeline

Published Sep 15, 2020

Improper Resource Shutdown or Release

CVE-2020-16100

Summary

CWE-404 - Improper Resource Shutdown or Release

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS