CVE-2020-9021 - Vulnerability Details - OpenCVE

Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Postoaktraffic	Awam Bluetooth Field Device Awam Bluetooth Field Device Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:postoaktraffic:awam_bluetooth_field_device_firmware:2011.3:::::::*
	cpe:2.3:o:postoaktraffic:awam_bluetooth_field_device_firmware:7400v2.02.01.2019:::::::*
	cpe:2.3:o:postoaktraffic:awam_bluetooth_field_device_firmware:7400v2.08.21.2018:::::::*
	cpe:2.3:o:postoaktraffic:awam_bluetooth_field_device_firmware:7800sd.2012.12.5:::::::*
	cpe:2.3:o:postoaktraffic:awam_bluetooth_field_device_firmware:7800sd.2015.1.16:::::::*

cpe:2.3:h:postoaktraffic:awam_bluetooth_field_device:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://sku11army.blogspot.com/2020/01/post-oak-traffic-systems-awam-bluetooth.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-02-17T03:03:40

Updated: 2024-08-04T10:19:19.826Z

Reserved: 2020-02-17T00:00:00

Link: CVE-2020-9021

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-02-17T04:15:10.780

Modified: 2024-11-21T05:39:50.727

Link: CVE-2020-9021

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-17T03:03:40", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://sku11army.blogspot.com/2020/01/post-oak-traffic-systems-awam-bluetooth.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-9021", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://sku11army.blogspot.com/2020/01/post-oak-traffic-systems-awam-bluetooth.html", "refsource": "MISC", "url": "https://sku11army.blogspot.com/2020/01/post-oak-traffic-systems-awam-bluetooth.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:19:19.826Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sku11army.blogspot.com/2020/01/post-oak-traffic-systems-awam-bluetooth.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-9021", "datePublished": "2020-02-17T03:03:40", "dateReserved": "2020-02-17T00:00:00", "dateUpdated": "2024-08-04T10:19:19.826Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:postoaktraffic:awam_bluetooth_field_device_firmware:2011.3:*:*:*:*:*:*:*", "matchCriteriaId": "FE935FC7-E16C-487C-8935-E3D01376DA66", "vulnerable": true}, {"criteria": "cpe:2.3:o:postoaktraffic:awam_bluetooth_field_device_firmware:7400v2.02.01.2019:*:*:*:*:*:*:*", "matchCriteriaId": "FE1EDFA4-B2C6-4F3D-8D63-D3A3E8B77A91", "vulnerable": true}, {"criteria": "cpe:2.3:o:postoaktraffic:awam_bluetooth_field_device_firmware:7400v2.08.21.2018:*:*:*:*:*:*:*", "matchCriteriaId": "47C74525-46BB-42D0-9C8F-ED9C66F3E98F", "vulnerable": true}, {"criteria": "cpe:2.3:o:postoaktraffic:awam_bluetooth_field_device_firmware:7800sd.2012.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "E5BC3BC8-9545-4243-8BA9-5EF6418F74C5", "vulnerable": true}, {"criteria": "cpe:2.3:o:postoaktraffic:awam_bluetooth_field_device_firmware:7800sd.2015.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "92DAA878-17E2-4DAC-96D7-163C35B39002", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:postoaktraffic:awam_bluetooth_field_device:-:*:*:*:*:*:*:*", "matchCriteriaId": "245475C5-61F5-473E-8CD4-220BE053519F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter."}, {"lang": "es", "value": "Post Oak AWAM Bluetooth Field Device versiones 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019 y 7800SD.2012.12.5, es vulnerable a unas inyecciones de comandos de Sistema Operativo por medio de un archivo timeconfig.py mediante metacaracteres de shell en el par\u00e1metro htmlNtpServer."}], "id": "CVE-2020-9021", "lastModified": "2024-11-21T05:39:50.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-17T04:15:10.780", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sku11army.blogspot.com/2020/01/post-oak-traffic-systems-awam-bluetooth.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sku11army.blogspot.com/2020/01/post-oak-traffic-systems-awam-bluetooth.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}