Vulnerability-Lookup

CVE-2020-6972 (GCVE-0-2020-6972)

Vulnerability from cvelistv5 – Published: 2020-03-24 16:38 – Updated: 2024-08-04 09:18

Summary

In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.

Severity ?

No CVSS data available.

CWE

CWE-294 - AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294

Assigner

icscert

References

URL

	Vendor	Product	Version
	Honeywell	Notifier Web Server (NWS) Version 3.50 and earlier	Affected: Notifier Web Server (NWS) Version 3.50 and earlier

ICSA-20-051-03

Vulnerability from csaf_cisa - Published: 2020-02-20 00:00 - Updated: 2020-02-20 00:00

Summary

Honeywell NOTI-FIRE-NET Web Server (NWS-3)

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could result in an attacker bypassing web server authentication methods.

Countries/areas deployed

Worldwide

Company headquarters location

United States

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Gjoko Krstikj"
        ],
        "summary": "reporting these vulnerabilities to Honeywell"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could result in an attacker bypassing web server authentication methods.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-051-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-051-03.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-051-03 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-051-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Honeywell NOTI-FIRE-NET Web Server (NWS-3)",
    "tracking": {
      "current_release_date": "2020-02-20T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-20-051-03",
      "initial_release_date": "2020-02-20T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2020-02-20T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-20-051-03 Honeywell NOTI-FIRE-NET Web Server (NWS-3)"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 3.50",
                "product": {
                  "name": "NOTI-FIRE-NET Web Server (NWS-3): Version 3.50 and earlier",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "NOTI-FIRE-NET Web Server (NWS-3)"
          }
        ],
        "category": "vendor",
        "name": "Honeywell"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-6972",
      "cwe": {
        "id": "CWE-294",
        "name": "Authentication Bypass by Capture-replay"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Honeywell Fire Web Server \u0027s authentication may be bypassed by a capture-replay attack from a web browser.CVE-2020-6972 has been assigned to this vulnerability. A CVSS v3 base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6972"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Honeywell has released a firmware update package (login required) for all affected products listed above.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.securityandfire.honeywell.com/notifier/en-us/-/media/Files/Notifier/Firmware/NWS_3_v4_51.zip"
        },
        {
          "category": "mitigation",
          "details": "For additional details please see Honeywell Security Notification SN 2020-02-04 01",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.notifier.com.au/notices/Security_Notification_SN_2020-02-04_Rev_01_Notifier.pdf"
        },
        {
          "category": "mitigation",
          "details": "Update NWS-3 firmware per the security notification.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Isolate system from the Internet or create additional layers of defense by placing the affected hardware behind a firewall or into a DMZ.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "If remote connections to the network are required, consider using a VPN or other means to ensure secure remote connections into the network where the device is located.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Always use strong passwords on installations to prevent unauthorized access",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-6974",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected product is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories.CVE-2020-6974 has been assigned to this vulnerability. A CVSS v3 base score of 9.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6974"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Honeywell has released a firmware update package (login required) for all affected products listed above.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.securityandfire.honeywell.com/notifier/en-us/-/media/Files/Notifier/Firmware/NWS_3_v4_51.zip"
        },
        {
          "category": "mitigation",
          "details": "For additional details please see Honeywell Security Notification SN 2020-02-04 01",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.notifier.com.au/notices/Security_Notification_SN_2020-02-04_Rev_01_Notifier.pdf"
        },
        {
          "category": "mitigation",
          "details": "Update NWS-3 firmware per the security notification.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Isolate system from the Internet or create additional layers of defense by placing the affected hardware behind a firewall or into a DMZ.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "If remote connections to the network are required, consider using a VPN or other means to ensure secure remote connections into the network where the device is located.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Always use strong passwords on installations to prevent unauthorized access",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

VAR-202003-1594

Vulnerability from variot - Updated: 2023-12-18 12:49

In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser. NOTI? FIRE? NET Web Server is a web-based HTML server that allows you to remotely access the NOTI? FIRE? NET network via the Internet or an intranet. An attacker could use this vulnerability to bypass authentication through a browser capture-replay attack

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1594",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "notifier webserver",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "honeywell",
        "version": "3.50"
      },
      {
        "model": "noti-fire-net web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "honeywell",
        "version": "3.50"
      },
      {
        "model": "noti?fire?net web server",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "honeywell",
        "version": "\u003c=3.50"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-14319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003395"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6972"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:honeywell:notifier_webserver:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.50",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-6972"
      }
    ]
  },
  "cve": "CVE-2020-6972",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-003395",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2020-14319",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 9.1,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-003395",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-6972",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-003395",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-14319",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202002-1046",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-14319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003395"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1046"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server\u2019s authentication may be bypassed by a capture-replay attack from a web browser. NOTI? FIRE? NET Web Server is a web-based HTML server that allows you to remotely access the NOTI? FIRE? NET network via the Internet or an intranet. An attacker could use this vulnerability to bypass authentication through a browser capture-replay attack",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-6972"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003395"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-14319"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-6972",
        "trust": 3.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-051-03",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003395",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-14319",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0647",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "46004",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1046",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-14319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003395"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1046"
      }
    ]
  },
  "id": "VAR-202003-1594",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-14319"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-14319"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:49:42.046000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.honeywell.com/"
      },
      {
        "title": "Patch for NOTI? FIRE? NET Web Server Authentication Bypass Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/205611"
      },
      {
        "title": "Honeywell Notifier Web Server Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=110567"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-14319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003395"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1046"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-294",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003395"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6972"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-03"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6972"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6972"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/46004"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0647/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-14319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003395"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1046"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-14319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003395"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1046"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-14319"
      },
      {
        "date": "2020-04-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-003395"
      },
      {
        "date": "2020-03-24T17:15:11.467000",
        "db": "NVD",
        "id": "CVE-2020-6972"
      },
      {
        "date": "2020-02-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-1046"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-14319"
      },
      {
        "date": "2020-04-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-003395"
      },
      {
        "date": "2020-03-27T19:46:47.987000",
        "db": "NVD",
        "id": "CVE-2020-6972"
      },
      {
        "date": "2023-05-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-1046"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1046"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Notifier Web Server In  Capture-replay Vulnerability related to authentication bypass by",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003395"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1046"
      }
    ],
    "trust": 0.6
  }
}

GHSA-4PWW-FGMG-2G7R

Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2022-05-24 22:28

Details

In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-6972"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-03-24T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server\u2019s authentication may be bypassed by a capture-replay attack from a web browser.",
  "id": "GHSA-4pww-fgmg-2g7r",
  "modified": "2022-05-24T22:28:12Z",
  "published": "2022-05-24T22:28:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6972"
    },
    {
      "type": "WEB",
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2020-6972

Vulnerability from fkie_nvd - Published: 2020-03-24 17:15 - Updated: 2024-11-21 05:36

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.

References

	URL	Tags
	ics-cert@hq.dhs.gov	https://www.us-cert.gov/ics/advisories/icsa-20-051-03	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://www.us-cert.gov/ics/advisories/icsa-20-051-03	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	honeywell	notifier_webserver	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:honeywell:notifier_webserver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9096B70A-79EC-4235-91F2-48D52246272F",
              "versionEndIncluding": "3.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server\u2019s authentication may be bypassed by a capture-replay attack from a web browser."
    },
    {
      "lang": "es",
      "value": "En Notifier Web Server (NWS) versiones 3.50 y anteriores, la autenticaci\u00f3n del Honeywell Fire Web Server puede ser omitida por un ataque de reproducci\u00f3n de captura desde un navegador web."
    }
  ],
  "id": "CVE-2020-6972",
  "lastModified": "2024-11-21T05:36:24.770",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-24T17:15:11.467",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-03"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-294"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-294"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2020-6972

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.

Aliases

CVE-2020-6972

Aliases

CVE-2020-6972

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-6972",
    "description": "In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server\u2019s authentication may be bypassed by a capture-replay attack from a web browser.",
    "id": "GSD-2020-6972"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-6972"
      ],
      "details": "In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server\u2019s authentication may be bypassed by a capture-replay attack from a web browser.",
      "id": "GSD-2020-6972",
      "modified": "2023-12-13T01:21:55.143192Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2020-6972",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Notifier Web Server (NWS) Version 3.50 and earlier",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Notifier Web Server (NWS) Version 3.50 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Honeywell"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server\u2019s authentication may be bypassed by a capture-replay attack from a web browser."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-03",
            "refsource": "MISC",
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-03"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:honeywell:notifier_webserver:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.50",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-6972"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server\u2019s authentication may be bypassed by a capture-replay attack from a web browser."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-294"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-03",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-03"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2020-03-27T19:46Z",
      "publishedDate": "2020-03-24T17:15Z"
    }
  }
}

CNVD-2020-14319

Vulnerability from cnvd - Published: 2020-02-28

Title

NOTI?FIRE?NET Web Server认证绕过漏洞

Description

NOTI?FIRE?NET Web Server是一款基于Web的HTML服务器，可让您通过互联网或内联网远程访问NOTI?FIRE?NET网络。 NOTI?FIRE?NET Web Server 3.50及更早版本存在认证绕过漏洞。攻击者可通过浏览器捕获-重放攻击利用该漏洞绕过认证。

Severity

低

Patch Name

NOTI?FIRE?NET Web Server认证绕过漏洞的补丁

Patch Description

NOTI?FIRE?NET Web Server是一款基于Web的HTML服务器，可让您通过互联网或内联网远程访问NOTI?FIRE?NET网络。 NOTI?FIRE?NET Web Server 3.50及更早版本存在认证绕过漏洞。攻击者可通过浏览器捕获-重放攻击利用该漏洞绕过认证。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.us-cert.gov/ics/advisories/icsa-20-051-03

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-6972

Impacted products

Name
Honeywell NOTI?FIRE?NET Web Server <=3.50

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-6972",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-6972"
    }
  },
  "description": "NOTI?FIRE?NET Web Server\u662f\u4e00\u6b3e\u57fa\u4e8eWeb\u7684HTML\u670d\u52a1\u5668\uff0c\u53ef\u8ba9\u60a8\u901a\u8fc7\u4e92\u8054\u7f51\u6216\u5185\u8054\u7f51\u8fdc\u7a0b\u8bbf\u95eeNOTI?FIRE?NET\u7f51\u7edc\u3002\n\nNOTI?FIRE?NET Web Server 3.50\u53ca\u66f4\u65e9\u7248\u672c\u5b58\u5728\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u6d4f\u89c8\u5668\u6355\u83b7-\u91cd\u653e\u653b\u51fb\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8ba4\u8bc1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.us-cert.gov/ics/advisories/icsa-20-051-03",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-14319",
  "openTime": "2020-02-28",
  "patchDescription": "NOTI?FIRE?NET Web Server\u662f\u4e00\u6b3e\u57fa\u4e8eWeb\u7684HTML\u670d\u52a1\u5668\uff0c\u53ef\u8ba9\u60a8\u901a\u8fc7\u4e92\u8054\u7f51\u6216\u5185\u8054\u7f51\u8fdc\u7a0b\u8bbf\u95eeNOTI?FIRE?NET\u7f51\u7edc\u3002\r\n\r\nNOTI?FIRE?NET Web Server 3.50\u53ca\u66f4\u65e9\u7248\u672c\u5b58\u5728\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u6d4f\u89c8\u5668\u6355\u83b7-\u91cd\u653e\u653b\u51fb\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8ba4\u8bc1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NOTI?FIRE?NET Web Server\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Honeywell NOTI?FIRE?NET Web Server \u003c=3.50"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-6972",
  "serverity": "\u4f4e",
  "submitTime": "2020-02-21",
  "title": "NOTI?FIRE?NET Web Server\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-6972 (GCVE-0-2020-6972)

ICSA-20-051-03

VAR-202003-1594

GHSA-4PWW-FGMG-2G7R

FKIE_CVE-2020-6972

GSD-2020-6972

CNVD-2020-14319

Tags

Sightings

Nomenclature