Lucene search

TalosCVELIST:CVE-2020-13527

HistoryDec 17, 2020 - 11:38 p.m.

CVE-2020-13527

2020-12-1723:38:47

CWE-352

talos

www.cve.org

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.5%

JSON

An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability.

CNA Affected

[
  {
    "product": "Lantronix",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Lantronix XPort EDGE 3.0.0.0R11 Lantronix XPort EDGE 3.1.0.0R9 Lantronix XPort EDGE 3.4.0.0R12 Lantronix XPort EDGE 4.2.0.0R7 Lantronix SGX 5150 8.7.0.0R1 Lantronix SGX 5150 8.9.0.0R4"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2020-1135

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.5%

JSON

Related for CVELIST:CVE-2020-13527