Lucene search

TwcertCVE-2020-24551

HistoryOct 14, 2020 - 1:15 p.m.

CVE-2020-24551

2020-10-1413:15:13

CWE-601

twcert

web.nvd.nist.gov

iproom

mmc+

server

parameter validation

vulnerability

malicious site

cve-2020-24551

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

IProom MMC+ Server login page does not validate specific parameters properly. Attackers can use the vulnerability to redirect to any malicious site and steal the victim’s login credentials.

Affected configurations

Nvd

Node

iproommmc\+Match3.2.2

VendorProductVersionCPE
iproommmc\+3.2.2cpe:2.3:a:iproom:mmc\+:3.2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
iproom	mmc\+	3.2.2	cpe:2.3:a:iproom:mmc\+:3.2.2:::::::*

CNA Affected

[
  {
    "product": "MMC+ Server",
    "vendor": "IProom",
    "versions": [
      {
        "lessThanOrEqual": "3.2.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-4053-6e9a2-1.html

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

Related for CVE-2020-24551