CVE-2020-6973 - OpenCVE

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:S/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Digi	Connectport Lts 32 Mei Connectport Lts 32 Mei Bios Connectport Lts 32 Mei Firmware

Configuration 1 [-]

AND

cpe:2.3:h:digi:connectport_lts_32_mei:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:digi:connectport_lts_32_mei_bios:1.2:::::::*
	cpe:2.3:o:digi:connectport_lts_32_mei_firmware:1.4.3:::::::*

No data.

References

Link	Providers
https://www.us-cert.gov/ics/advisories/icsa-20-042-13

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2020-02-12T23:01:19

Updated: 2024-08-04T09:18:02.479Z

Reserved: 2020-01-14T00:00:00

Link: CVE-2020-6973

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-02-13T00:15:11.603

Modified: 2020-02-21T18:16:18.240

Link: CVE-2020-6973

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Digi International ConnectPort LTS 32 MEI", "vendor": "n/a", "versions": [{"status": "affected", "version": "Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2"}]}], "descriptions": [{"lang": "en", "value": "Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-02-12T23:01:19", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-13"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-6973", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Digi International ConnectPort LTS 32 MEI", "version": {"version_data": [{"version_value": "Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsa-20-042-13", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-13"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:18:02.479Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-13"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-6973", "datePublished": "2020-02-12T23:01:19", "dateReserved": "2020-01-14T00:00:00", "dateUpdated": "2024-08-04T09:18:02.479Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:digi:connectport_lts_32_mei:-:*:*:*:*:*:*:*", "matchCriteriaId": "E4D38E1C-90DE-4B19-9CE4-3B9116AE7AE0", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:digi:connectport_lts_32_mei_bios:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EF4DB9CF-2601-4958-A07C-554DBD46AA3E", "vulnerable": true}, {"criteria": "cpe:2.3:o:digi:connectport_lts_32_mei_firmware:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "54021A38-4441-4C2A-9BA8-02B0267FD2A2", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition."}, {"lang": "es", "value": "Digi International ConnectPort LTS 32 MEI, versi\u00f3n de firmware 1.4.3 (82002228_K 08/09/2018), BIOS versi\u00f3n 1.2. Se presentan m\u00faltiples vulnerabilidades de tipo cross-site scripting, que podr\u00edan permitir a un atacante causar una condici\u00f3n de denegaci\u00f3n de servicio."}], "id": "CVE-2020-6973", "lastModified": "2020-02-21T18:16:18.240", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-13T00:15:11.603", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-13"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}