CVE-2020-6960 CRITICAL

Published: 2020-01-22 | Last Modified: 2024-11-21 | Status: Modified

Description

The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote unauthenticated access to the web user interface with administrator-level privileges.

Additional Descriptions (1)

Las siguientes versiones de MAXPRO VMS y NVR, MAXPRO VMS: HNMSWVMS anterior a Versión VMS560 Build 595 T2-Patch, HNMSWVMSLT anterior a Versión VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE anterior a Versión NVR 5.6 Build 595 T2-Patch , MAXPRO NVR SE anterior a Versión NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE anterior a Versión NVR 5.6 Build 595 T2-Patch y MPNVRSWXX anterior a Versión NVR 5.6 Build 595 T2-Patch, contienen una vulnerabilidad de inyección SQL que podría otorgar a un atacante un acceso no autenticado remoto en la interfaz de usuario web con privilegios de nivel de administrador.

CVSS Metrics

Base Score: 9.8 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 5.9

Base Score: 7.5 (HIGH)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	PARTIAL
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 6.4

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-89
[email protected]	Primary	en CWE-89

Affected Products

Vendor	Product	Version	Update	Type
honeywell	maxpro_nvr_xe_firmware	*	<built-in method update of dict object at 0x7c3c29ed4140>	Operating System
honeywell	maxpro_nvr_se_firmware	*	<built-in method update of dict object at 0x7c3c29ed6e80>	Operating System
honeywell	maxpro_nvr_pe_firmware	*	<built-in method update of dict object at 0x7c3bf3b79e80>	Operating System
honeywell	mpnvrswxx_firmware	*	<built-in method update of dict object at 0x7c3c483bfa80>	Operating System
honeywell	hnmswvms_firmware	*	<built-in method update of dict object at 0x7c3c29ed6780>	Operating System
honeywell	hnmswvmslt_firmware	*	<built-in method update of dict object at 0x7c3c481f4a80>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:honeywell:maxpro_nvr_xe_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:honeywell:maxpro_nvr_xe:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:honeywell:maxpro_nvr_se_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:honeywell:maxpro_nvr_se:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:honeywell:maxpro_nvr_pe_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:honeywell:maxpro_nvr_pe:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:honeywell:mpnvrswxx_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:honeywell:mpnvrswxx:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:honeywell:hnmswvms_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:honeywell:hnmswvms:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:honeywell:hnmswvmslt_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:honeywell:hnmswvmslt:-:::::::*`

References

https://www.us-cert.gov/ics/advisories/icsa-20-021-01
Source: [email protected]

Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsa-20-021-01
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource