ID

VAR-202001-1708


CVE

CVE-2020-6848


TITLE

Cross-site scripting vulnerability in Axper Vision II devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-001320

DESCRIPTION

Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Name) parameter to the configWebParams.cgi URI. Axper Vision II devices contain a cross-site scripting vulnerability. Information may be obtained and falsified. FLIR Brickstream 2300 is customer flow analysis and statistics equipment from the Canadian company FLIR. An access control error vulnerability exists in the getConfigExportFile.cgi file in FLIR Brickstream 2300 version 2.0 4.1.53.166. An attacker could exploit this vulnerability to obtain information.

Trust: 1.71

sources: NVD: CVE-2020-6848 // JVNDB: JVNDB-2020-001320 // VULHUB: VHN-133844

AFFECTED PRODUCTS

vendor: axper, model: vision ii, scope: eq, version: 4.1.53.166

Trust: 1.0

vendor: axper, model: vision ii, scope: eq, version: 4

Trust: 0.8

sources: JVNDB: JVNDB-2020-001320 // NVD: CVE-2020-6848

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6848
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-6848
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202001-412
value: MEDIUM

Trust: 0.6

VULHUB: VHN-133844
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-6848
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-133844
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-6848
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2020-6848
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-133844 // JVNDB: JVNDB-2020-001320 // CNNVD: CNNVD-202001-412 // NVD: CVE-2020-6848

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

problemtype: CWE-200

Trust: 0.1

sources: VULHUB: VHN-133844 // JVNDB: JVNDB-2020-001320 // NVD: CVE-2020-6848

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-412

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202001-412

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001320

PATCH

title: Top Page, url: https://axper.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-001320

EXTERNAL IDS

db: NVD, id: CVE-2020-6848

Trust: 2.5

db: JVNDB, id: JVNDB-2020-001320

Trust: 0.8

db: CNNVD, id: CNNVD-202001-412

Trust: 0.6

db: SEEBUG, id: SSVID-98151

Trust: 0.1

db: CNNVD, id: CNNVD-201801-002

Trust: 0.1

db: VULHUB, id: VHN-133844

Trust: 0.1

sources: VULHUB: VHN-133844 // JVNDB: JVNDB-2020-001320 // CNNVD: CNNVD-202001-412 // NVD: CVE-2020-6848

REFERENCES

url: https://sku11army.blogspot.com/2020/01/flir-brickstream-recuento-y-seguimiento.html

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2020-6848

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6848

Trust: 0.8

sources: VULHUB: VHN-133844 // JVNDB: JVNDB-2020-001320 // CNNVD: CNNVD-202001-412 // NVD: CVE-2020-6848

SOURCES

db: VULHUB, id: VHN-133844
db: JVNDB, id: JVNDB-2020-001320
db: CNNVD, id: CNNVD-202001-412
db: NVD, id: CVE-2020-6848

LAST UPDATE DATE

2024-11-23T22:00:42.284000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-133844, date: 2020-01-15T00:00:00
db: JVNDB, id: JVNDB-2020-001320, date: 2020-01-31T00:00:00
db: CNNVD, id: CNNVD-202001-412, date: 2021-01-04T00:00:00
db: NVD, id: CVE-2020-6848, date: 2024-11-21T05:36:17.207

SOURCES RELEASE DATE

db: VULHUB, id: VHN-133844, date: 2020-01-13T00:00:00
db: JVNDB, id: JVNDB-2020-001320, date: 2020-01-31T00:00:00
db: CNNVD, id: CNNVD-202001-412, date: 2020-01-13T00:00:00
db: NVD, id: CVE-2020-6848, date: 2020-01-13T05:15:12.053