ID

VAR-202004-2035


CVE

CVE-2020-6974


TITLE

Honeywell Notifier Web Server Path Traversal Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-003892

DESCRIPTION

Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. Honeywell has released a firmware update to address the problem. The affected server may be put into a denial-of-service (DoS) state. NOTI-FIRE-NET Web Server is a web-based HTML server that allows remote access to the NOTI-FIRE-NET network via the Internet or an intranet. An attacker could use this vulnerability to gain unauthorized access to a restricted directory.

Trust: 2.25

sources: NVD: CVE-2020-6974 // JVNDB: JVNDB-2020-003892 // CNVD: CNVD-2020-14320 // VULMON: CVE-2020-6974

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-14320

AFFECTED PRODUCTS

vendor: honeywell, model: notifier webserver, scope: lte, version: 3.50

Trust: 1.0

vendor: honeywell, model: noti-fire-net web server, scope: eq, version: 3.50

Trust: 0.8

vendor: honeywell, model: noti-fire-net web server, scope: lte, version: <=3.50

Trust: 0.6

sources: CNVD: CNVD-2020-14320 // JVNDB: JVNDB-2020-003892 // NVD: CVE-2020-6974

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6974
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-003892
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-14320
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202002-1149
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-6974
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-6974
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-003892
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-14320
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-6974
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003892
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-14320 // VULMON: CVE-2020-6974 // JVNDB: JVNDB-2020-003892 // CNNVD: CNNVD-202002-1149 // NVD: CVE-2020-6974

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2020-003892 // NVD: CVE-2020-6974

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-1149

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202002-1149

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003892

PATCH

title: Top Page, url: https://www.honeywell.com/

Trust: 0.8

title: Patch for NOTI-FIRE-NET Web Server Path Traversal Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/205595

Trust: 0.6

title: Honeywell Notifier Web Server Repair measures for path traversal vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=110790

Trust: 0.6

sources: CNVD: CNVD-2020-14320 // JVNDB: JVNDB-2020-003892 // CNNVD: CNNVD-202002-1149

EXTERNAL IDS

db: NVD, id: CVE-2020-6974

Trust: 3.1

db: ICS CERT, id: ICSA-20-051-03

Trust: 2.5

db: JVNDB, id: JVNDB-2020-003892

Trust: 0.8

db: CNVD, id: CNVD-2020-14320

Trust: 0.6

db: NSFOCUS, id: 46003

Trust: 0.6

db: AUSCERT, id: ESB-2020.0647

Trust: 0.6

db: CNNVD, id: CNNVD-202002-1149

Trust: 0.6

db: VULMON, id: CVE-2020-6974

Trust: 0.1

sources: CNVD: CNVD-2020-14320 // VULMON: CVE-2020-6974 // JVNDB: JVNDB-2020-003892 // CNNVD: CNNVD-202002-1149 // NVD: CVE-2020-6974

REFERENCES

url: https://www.us-cert.gov/ics/advisories/icsa-20-051-03

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2020-6974

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6974

Trust: 0.8

url: http://www.nsfocus.net/vulndb/46003

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2020.0647/

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-14320 // VULMON: CVE-2020-6974 // JVNDB: JVNDB-2020-003892 // CNNVD: CNNVD-202002-1149 // NVD: CVE-2020-6974

SOURCES

db: CNVD, id: CNVD-2020-14320
db: VULMON, id: CVE-2020-6974
db: JVNDB, id: JVNDB-2020-003892
db: CNNVD, id: CNNVD-202002-1149
db: NVD, id: CVE-2020-6974

LAST UPDATE DATE

2024-11-23T21:59:22.709000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-14320, date: 2020-02-28T00:00:00
db: VULMON, id: CVE-2020-6974, date: 2020-04-09T00:00:00
db: JVNDB, id: JVNDB-2020-003892, date: 2020-04-28T00:00:00
db: CNNVD, id: CNNVD-202002-1149, date: 2023-05-25T00:00:00
db: NVD, id: CVE-2020-6974, date: 2024-11-21T05:36:24.960

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-14320, date: 2020-02-28T00:00:00
db: VULMON, id: CVE-2020-6974, date: 2020-04-07T00:00:00
db: JVNDB, id: JVNDB-2020-003892, date: 2020-04-28T00:00:00
db: CNNVD, id: CNNVD-202002-1149, date: 2020-02-25T00:00:00
db: NVD, id: CVE-2020-6974, date: 2020-04-07T18:15:13.773