5.3
CVE-2020-13528
- EPSS 0.69%
- Veröffentlicht 18.12.2020 00:15:14
- Zuletzt bearbeitet 21.11.2024 05:01:26
- Quelle talos-cna@cisco.com
- CVE-Watchlists
- Unerledigt
LoginAn information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lantronix ≫ Xport Edge Firmware Version3.0.0.0 Updater11
Lantronix ≫ Xport Edge Firmware Version3.1.0.0 Updater9
Lantronix ≫ Xport Edge Firmware Version3.4.0.0 Updater12
Lantronix ≫ Xport Edge Firmware Version4.2.0.0 Updater7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.69% | 0.709 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 1.6 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 2.6 | 4.9 | 2.9 |
AV:N/AC:H/Au:N/C:P/I:N/A:N
|
| talos-cna@cisco.com | 3.1 | 1.6 | 1.4 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
|
CWE-319 Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.