CVE-2020-29136 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 49%

Vendor	Product	Version
cpanel	cpanel	𝑥 < 11.86.0.32
cpanel	cpanel	11.90.0 ≤ 𝑥 < 11.90.0.17
cpanel	cpanel	11.92.0 ≤ 𝑥 < 11.92.0.2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-307 - Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References

https://docs.cpanel.net/changelogs/90-change-log/

https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/

https://www.digitaldefense.com/news/zero-day-cpanel-and-webhost-manager/

https://docs.cpanel.net/changelogs/90-change-log/

https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/

https://www.digitaldefense.com/news/zero-day-cpanel-and-webhost-manager/