mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
195 lines
5.9 KiB
JSON
195 lines
5.9 KiB
JSON
{
|
|
"id": "CVE-2020-13527",
|
|
"sourceIdentifier": "talos-cna@cisco.com",
|
|
"published": "2020-12-18T00:15:14.047",
|
|
"lastModified": "2022-10-07T14:23:47.320",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se presenta una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en la funcionalidad Web Manager de Lantronix XPort EDGE versiones 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 y 4.2.0.0R7. Una petici\u00f3n HTTP especialmente dise\u00f1ada puede causar privilegios elevados. Un atacante puede enviar una petici\u00f3n HTTP para desencadenar esta vulnerabilidad"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "HIGH",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.5,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 0.9,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "talos-cna@cisco.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "HIGH",
|
|
"privilegesRequired": "HIGH",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.8,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 0.5,
|
|
"impactScore": 4.2
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 3.5
|
|
},
|
|
"baseSeverity": "LOW",
|
|
"exploitabilityScore": 6.8,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-352"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "talos-cna@cisco.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-352"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:lantronix:xport_edge_firmware:3.0.0.0:r11:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2DFAC926-7DFD-47AE-A850-BA6D04A85654"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:lantronix:xport_edge_firmware:3.1.0.0:r9:*:*:*:*:*:*",
|
|
"matchCriteriaId": "78DAC3A6-AD33-4D47-966D-B4AD1FBBA0C4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:lantronix:xport_edge_firmware:3.4.0.0:r12:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E24141B2-6FC4-41EF-930A-148BE89E1BD0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:lantronix:xport_edge_firmware:4.2.0.0:r7:*:*:*:*:*:*",
|
|
"matchCriteriaId": "675A7F8D-7FCC-4CF5-ABA7-6D8D63E6F1EC"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:lantronix:xport_edge:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9CBD6E79-A280-4AF1-9AE5-17E5F3F7D589"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:lantronix:sgx_firmware:8.7.0.0:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F69E8E2E-0ADE-486A-8F3B-0EB45A5816A3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:lantronix:sgx_firmware:8.9.0.0:r4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1BCBE46D-B77A-4688-BF16-A50193D8DADF"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:lantronix:sgx:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "318554B0-354E-4B14-98C0-A604E2B42989"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1135",
|
|
"source": "talos-cna@cisco.com",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |