Sign-up

ID

VAR-202001-1751


CVE

CVE-2020-6756


TITLE

Rasilient PixelStor 5000 Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-001330

DESCRIPTION

languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter. Rasilient PixelStor 5000 Contains an input validation vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Rasilient PixelStor 5000 is a RAID disk array. A remote code execution vulnerability exists in languageOptions.php in Rasilient PixelStor 5000 K: 4.0.1580-20150629 (KDI version)

Trust: 2.16

sources: NVD: CVE-2020-6756 // JVNDB: JVNDB-2020-001330 // CNVD: CNVD-2020-14703

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-14703

AFFECTED PRODUCTS

vendor:rasilientmodel:pixelstor 5000scope:eqversion:4.0.1580-20150629

Trust: 1.0

vendor:rasilientmodel:pixelstor 5000scope:eqversion:k:4.0.1580-20150629

Trust: 0.8

vendor:rasilientmodel:pixelstor k:scope:eqversion:50004.0.1580-20150629

Trust: 0.6

sources: CNVD: CNVD-2020-14703 // JVNDB: JVNDB-2020-001330 // NVD: CVE-2020-6756

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6756
value: CRITICAL

Trust: 1.0

cve@mitre.org: CVE-2020-6756
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-6756
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-14703
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202001-346
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-6756
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-14703
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cve@mitre.org: CVE-2020-6756
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2020-6756
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2020-14703 // JVNDB: JVNDB-2020-001330 // CNNVD: CNNVD-202001-346 // NVD: CVE-2020-6756 // NVD: CVE-2020-6756

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2020-001330 // NVD: CVE-2020-6756

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-346

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202001-346

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-001330

PATCH
title:Top Pageurl:http://rasilient.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-001330

EXTERNAL IDS
db:NVDid:CVE-2020-6756
Trust: 3.0
db:PACKETSTORMid:155898
Trust: 1.6
db:JVNDBid:JVNDB-2020-001330
Trust: 0.8
db:CNVDid:CNVD-2020-14703
Trust: 0.6
db:EXPLOIT-DBid:47899
Trust: 0.6
db:CNNVDid:CNNVD-202001-346
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-14703 // 
            
            
            
            JVNDB: JVNDB-2020-001330 // 
            
            
            
            CNNVD: CNNVD-202001-346 // 
            
            
            
            NVD: CVE-2020-6756

REFERENCES
url:https://pwnedchile.com/2020/01/08/pixelstor-5000-rce-exploit/
Trust: 2.4
url:http://packetstormsecurity.com/files/155898/pixelstor-5000-k-4.0.1580-20150629-remote-code-execution.html
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2020-6756
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6756
Trust: 0.8
url:https://www.exploit-db.com/exploits/47899
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-14703 // 
            
            
            
            JVNDB: JVNDB-2020-001330 // 
            
            
            
            CNNVD: CNNVD-202001-346 // 
            
            
            
            NVD: CVE-2020-6756

CREDITS
.:UND3R:.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202001-346

SOURCES
db:CNVDid:CNVD-2020-14703
db:JVNDBid:JVNDB-2020-001330
db:CNNVDid:CNNVD-202001-346
db:NVDid:CVE-2020-6756

LAST UPDATE DATE
2024-11-23T22:51:30.720000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-14703date:2020-02-29T00:00:00
db:JVNDBid:JVNDB-2020-001330date:2020-01-31T00:00:00
db:CNNVDid:CNNVD-202001-346date:2021-01-05T00:00:00
db:NVDid:CVE-2020-6756date:2024-11-21T05:36:08.807

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-14703date:2020-02-29T00:00:00
db:JVNDBid:JVNDB-2020-001330date:2020-01-31T00:00:00
db:CNNVDid:CNNVD-202001-346date:2020-01-09T00:00:00
db:NVDid:CVE-2020-6756date:2020-01-09T23:15:10.477