CVE-2020-13528 - OpenCVE

An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:H/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lantronix	Xport Edge Xport Edge Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:lantronix:xport_edge_firmware:3.0.0.0:r11::::::
	cpe:2.3:o:lantronix:xport_edge_firmware:3.1.0.0:r9::::::
	cpe:2.3:o:lantronix:xport_edge_firmware:3.4.0.0:r12::::::
	cpe:2.3:o:lantronix:xport_edge_firmware:4.2.0.0:r7::::::

cpe:2.3:h:lantronix:xport_edge:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1136

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2020-12-17T23:38:54

Updated: 2024-08-04T12:18:18.292Z

Reserved: 2020-05-26T00:00:00

Link: CVE-2020-13528

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-12-18T00:15:14.127

Modified: 2022-10-05T15:33:47.607

Link: CVE-2020-13528

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Lantronix", "vendor": "n/a", "versions": [{"status": "affected", "version": "Lantronix XPort EDGE 3.0.0.0R11 Lantronix XPort EDGE 3.1.0.0R9 Lantronix XPort EDGE 3.4.0.0R12Lantronix XPort EDGE 4.2.0.0R7"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319: Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-17T23:38:54", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1136"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2020-13528", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Lantronix", "version": {"version_data": [{"version_value": "Lantronix XPort EDGE 3.0.0.0R11 Lantronix XPort EDGE 3.1.0.0R9 Lantronix XPort EDGE 3.4.0.0R12Lantronix XPort EDGE 4.2.0.0R7"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability."}]}, "impact": {"cvss": {"baseScore": 3.1, "baseSeverity": "Low", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-319: Cleartext Transmission of Sensitive Information"}]}]}, "references": {"reference_data": [{"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1136", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1136"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:18:18.292Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1136"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2020-13528", "datePublished": "2020-12-17T23:38:54", "dateReserved": "2020-05-26T00:00:00", "dateUpdated": "2024-08-04T12:18:18.292Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lantronix:xport_edge_firmware:3.0.0.0:r11:*:*:*:*:*:*", "matchCriteriaId": "2DFAC926-7DFD-47AE-A850-BA6D04A85654", "vulnerable": true}, {"criteria": "cpe:2.3:o:lantronix:xport_edge_firmware:3.1.0.0:r9:*:*:*:*:*:*", "matchCriteriaId": "78DAC3A6-AD33-4D47-966D-B4AD1FBBA0C4", "vulnerable": true}, {"criteria": "cpe:2.3:o:lantronix:xport_edge_firmware:3.4.0.0:r12:*:*:*:*:*:*", "matchCriteriaId": "E24141B2-6FC4-41EF-930A-148BE89E1BD0", "vulnerable": true}, {"criteria": "cpe:2.3:o:lantronix:xport_edge_firmware:4.2.0.0:r7:*:*:*:*:*:*", "matchCriteriaId": "675A7F8D-7FCC-4CF5-ABA7-6D8D63E6F1EC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lantronix:xport_edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "9CBD6E79-A280-4AF1-9AE5-17E5F3F7D589", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad Web Manager and telnet CLI de Lantronix XPort EDGE versiones 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 y 4.2.0.0R7. Una petici\u00f3n HTTP especialmente dise\u00f1ada puede causar una divulgaci\u00f3n de informaci\u00f3n. Un atacante puede rastrear la red para desencadenar esta vulnerabilidad"}], "id": "CVE-2020-13528", "lastModified": "2022-10-05T15:33:47.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "talos-cna@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-18T00:15:14.127", "references": [{"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1136"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-319"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}