How severe is CVE-2020-14474?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2020-14474?

This is classified as CWE-798, which is a common weakness in software security.

CVE-2020-14474 - HIGH Severity | CVSS 7.5

Vulnerability Description

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of the software, and does not appear to be changed with each new build. It is possible to reconstruct the decryption process using the hardcoded key material and obtain easy access to otherwise protected data.

Related Vulnerabilities

CVE-2005-3716

HIGH

CVSS:7.5(High)

The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive ...

CWE-7982005

CVE-2005-3803

HIGH

CVSS:7.5(High)

Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information.

CWE-7982005

CVE-2010-2073

HIGH

CVSS:7.5(High)

auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP ser...

CWE-7982010

CVE-2013-1352

HIGH

CVSS:7.5(High)

Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive.

CWE-7982013

CVE-2013-2567

HIGH

CVSS:7.5(High)

An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sens...

CWE-7982013

CVE-2013-2572

HIGH

CVSS:7.5(High)

A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which...

CWE-7982013