ID

VAR-202002-1345


CVE

CVE-2020-9028


TITLE

Cross-site scripting vulnerabilities in multiple Symmetricom SyncServer devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-002041

DESCRIPTION

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user). A cross-site scripting vulnerability exists in multiple Symmetricom SyncServer devices. Information may be obtained and tampered with. Microsemi Symmetricom SyncServer S100 is a network time server from Microsemi Corporation of America. The vulnerability stems from the web application's lack of proper validation of client-supplied data. Attackers can use this vulnerability to execute client-side code.

Trust: 2.25

sources: NVD: CVE-2020-9028 // JVNDB: JVNDB-2020-002041 // CNVD: CNVD-2020-29567 // VULMON: CVE-2020-9028

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-29567

AFFECTED PRODUCTS

vendor: microchip, model: syncserver s100, scope: eq, version: 2.90.70.3

Trust: 2.4

vendor: microchip, model: syncserver s200, scope: eq, version: 1.30

Trust: 2.4

vendor: microchip, model: syncserver s250, scope: eq, version: 1.25

Trust: 2.4

vendor: microchip, model: syncserver s300, scope: eq, version: 2.65.0

Trust: 2.4

vendor: microchip, model: syncserver s350, scope: eq, version: 2.80.1

Trust: 2.4

vendor: microsemi, model: symmetricom syncserver s100, scope: eq, version: 2.90.70.3

Trust: 0.6

vendor: microsemi, model: syncserver s250, scope: eq, version: 2.80.1

Trust: 0.6

vendor: microsemi, model: syncserver s200, scope: eq, version: 1.30

Trust: 0.6

vendor: microsemi, model: syncserver s350, scope: eq, version: 2.80.1

Trust: 0.6

vendor: microsemi, model: syncserver s300, scope: eq, version: 2.65.0

Trust: 0.6

vendor: microchip, model: syncserver s250, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s200, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s300, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s100, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s350, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-29567 // JVNDB: JVNDB-2020-002041 // CNNVD: CNNVD-202002-881 // NVD: CVE-2020-9028

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9028
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002041
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-29567
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202002-881
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-9028
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9028
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-002041
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-29567
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9028
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002041
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-29567 // VULMON: CVE-2020-9028 // JVNDB: JVNDB-2020-002041 // CNNVD: CNNVD-202002-881 // NVD: CVE-2020-9028

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2020-002041 // NVD: CVE-2020-9028

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-881

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202002-881

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002041

PATCH

title: Top Page, url: https://www.microchip.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-002041

EXTERNAL IDS

db: NVD, id: CVE-2020-9028

Trust: 3.1

db: JVNDB, id: JVNDB-2020-002041

Trust: 0.8

db: CNVD, id: CNVD-2020-29567

Trust: 0.6

db: CNNVD, id: CNNVD-202002-881

Trust: 0.6

db: VULMON, id: CVE-2020-9028

Trust: 0.1

sources: CNVD: CNVD-2020-29567 // VULMON: CVE-2020-9028 // JVNDB: JVNDB-2020-002041 // CNNVD: CNNVD-202002-881 // NVD: CVE-2020-9028

REFERENCES

url:https://sku11army.blogspot.com/2020/01/symmetricom-syncserver_95.html

Trust: 3.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9028

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9028

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-29567 // VULMON: CVE-2020-9028 // JVNDB: JVNDB-2020-002041 // CNNVD: CNNVD-202002-881 // NVD: CVE-2020-9028

SOURCES

db: CNVD, id: CNVD-2020-29567
db: VULMON, id: CVE-2020-9028
db: JVNDB, id: JVNDB-2020-002041
db: CNNVD, id: CNNVD-202002-881
db: NVD, id: CVE-2020-9028

LAST UPDATE DATE

2024-11-23T23:01:31.371000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-29567, date: 2020-05-22T00:00:00
db: VULMON, id: CVE-2020-9028, date: 2020-02-19T00:00:00
db: JVNDB, id: JVNDB-2020-002041, date: 2020-03-03T00:00:00
db: CNNVD, id: CNNVD-202002-881, date: 2020-02-20T00:00:00
db: NVD, id: CVE-2020-9028, date: 2024-11-21T05:39:51.643

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-29567, date: 2020-05-22T00:00:00
db: VULMON, id: CVE-2020-9028, date: 2020-02-17T00:00:00
db: JVNDB, id: JVNDB-2020-002041, date: 2020-03-03T00:00:00
db: CNNVD, id: CNNVD-202002-881, date: 2020-02-17T00:00:00
db: NVD, id: CVE-2020-9028, date: 2020-02-17T04:15:11.327