CVE-2020-35559
First published: Tue Feb 16 2021(Updated: )
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mbconnectline Mbconnect24 | <=2.6.2 | |
| Mbconnectline Mymbconnect24 | <=2.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-35559?
The severity of CVE-2020-35559 is medium with a CVSS 3.1 score of 4.3.
Which software versions are affected by CVE-2020-35559?
MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 versions up to and including 2.6.2 are affected by CVE-2020-35559.
What is the impact of CVE-2020-35559?
An authenticated attacker can use up all available IPs of an account, preventing the creation of new devices and users.
How can I fix CVE-2020-35559?
Upgrade to a version higher than 2.6.2 of MB CONNECT LINE mymbCONNECT24 and mbCONNECT24.
Are there any references for CVE-2020-35559?
Yes, you can find more information about CVE-2020-35559 in the following references: [VDE-2021-003](https://cert.vde.com/de-de/advisories/vde-2021-003) and [mbCONNECTLINE Security Advice](https://mbconnectline.com/security-advice/).
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/mbconnectline
- canonical/mbconnectline mbconnect24
- version/mbconnectline mbconnect24/2.6.2
- canonical/mbconnectline mymbconnect24
- version/mbconnectline mymbconnect24/2.6.2