What is CVE-2020-5723?

CVE-2020-5723 is a vulnerability in Grandstream Ucm6200 Series, classified under Cleartext Storage of Sensitive Information. Published 2020-03-30.

Is CVE-2020-5723 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Grandstream Ucm6200 Series

CVE-2020-5723

The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.

EPSS: 0.518 (98.0th percentile) — read the EPSS interpretation.

Affected products

N/a Grandstream Ucm6200 Series — versions 1.0.20.20 and below

Weakness classification (CWE)

CWE-312 — Cleartext Storage of Sensitive Information

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cvemon

References

www.tenable.com/security/research/tra-2020-17 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-5723?: CVE-2020-5723 is a vulnerability in Grandstream Ucm6200 Series, classified under Cleartext Storage of Sensitive Information. Published 2020-03-30.
Is CVE-2020-5723 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.