CVE-2020-25205 - OpenCVE

The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's filesystem, to contain arbitrary JavaScript. The file contents are then used as part of a welcome/banner message presented to unauthenticated users who visit the login page for the web console. This vulnerability does not occur in the older 1.5.x firmware versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mimosa	B5 B5 Firmware B5c B5c Firmware C5c C5c Firmware

Configuration 1 [-]

AND

cpe:2.3:h:mimosa:b5:-:*:*:*:*:*:*:*

cpe:2.3:o:mimosa:b5_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:mimosa:b5c:-:*:*:*:*:*:*:*

cpe:2.3:o:mimosa:b5c_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:mimosa:c5c:-:*:*:*:*:*:*:*

cpe:2.3:o:mimosa:c5c_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://labs.f-secure.com/advisories/
https://labs.f-secure.com/advisories/mimosa-ptp-devices-multiple-vulnerabilities/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-07-20T18:45:21

Updated: 2024-08-04T15:33:04.419Z

Reserved: 2020-09-08T00:00:00

Link: CVE-2020-25205

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-07-20T19:15:09.563

Modified: 2021-07-30T15:19:29.747

Link: CVE-2020-25205

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's filesystem, to contain arbitrary JavaScript. The file contents are then used as part of a welcome/banner message presented to unauthenticated users who visit the login page for the web console. This vulnerability does not occur in the older 1.5.x firmware versions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-20T18:45:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://labs.f-secure.com/advisories/"}, {"tags": ["x_refsource_MISC"], "url": "https://labs.f-secure.com/advisories/mimosa-ptp-devices-multiple-vulnerabilities/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-25205", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's filesystem, to contain arbitrary JavaScript. The file contents are then used as part of a welcome/banner message presented to unauthenticated users who visit the login page for the web console. This vulnerability does not occur in the older 1.5.x firmware versions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://labs.f-secure.com/advisories/", "refsource": "MISC", "url": "https://labs.f-secure.com/advisories/"}, {"name": "https://labs.f-secure.com/advisories/mimosa-ptp-devices-multiple-vulnerabilities/", "refsource": "MISC", "url": "https://labs.f-secure.com/advisories/mimosa-ptp-devices-multiple-vulnerabilities/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:33:04.419Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://labs.f-secure.com/advisories/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://labs.f-secure.com/advisories/mimosa-ptp-devices-multiple-vulnerabilities/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-25205", "datePublished": "2021-07-20T18:45:21", "dateReserved": "2020-09-08T00:00:00", "dateUpdated": "2024-08-04T15:33:04.419Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:mimosa:b5:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB6E4730-E018-43B4-827B-6266EECF81A8", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:mimosa:b5_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F0CE000-9BD3-4EA6-B98B-F58FC97FC5BE", "versionEndIncluding": "2.8.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:mimosa:b5c:-:*:*:*:*:*:*:*", "matchCriteriaId": "B92406E6-A9B4-4070-B307-C341F770EF43", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:mimosa:b5c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C203C9BF-6730-4E5C-A855-895BFD9E199C", "versionEndIncluding": "2.8.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:mimosa:c5c:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2435693-7699-4432-BC83-F31D967E181F", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:mimosa:c5c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5DF58CB-D5CA-4924-A7C4-1A24CAD33F4A", "versionEndIncluding": "2.8.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's filesystem, to contain arbitrary JavaScript. The file contents are then used as part of a welcome/banner message presented to unauthenticated users who visit the login page for the web console. This vulnerability does not occur in the older 1.5.x firmware versions."}, {"lang": "es", "value": "La consola web para el firmware Mimosa B5, B5c y C5x versiones hasta 2.8.0.2, es vulnerable a un ataque de tipo XSS almacenado en la funci\u00f3n set_banner() del archivo /var/www/core/controller/index.php. Un atacante no autenticado puede ajustar el contenido del archivo /mnt/jffs2/banner.txt, almacenado en el sistema de archivos del dispositivo, para que contenga JavaScript arbitrario. El contenido del archivo es usado entonces como parte de un mensaje de welcome/banner presentado a usuarios no autenticados que visitan la p\u00e1gina de inicio de sesi\u00f3n de la consola web. Esta vulnerabilidad no ocurre en las versiones de firmware 1.5.x m\u00e1s antiguas"}], "id": "CVE-2020-25205", "lastModified": "2021-07-30T15:19:29.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-20T19:15:09.563", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://labs.f-secure.com/advisories/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://labs.f-secure.com/advisories/mimosa-ptp-devices-multiple-vulnerabilities/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}