Skip to main content

Connectport Lts 32 Mei Bios CVE-2020-6973

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2020-02-13 ics-cert@hq.dhs.gov
6.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.2 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 13, 2020 - 00:15 nvd
MEDIUM 6.2

DescriptionNVD

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition.

AnalysisAI

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition. Affected products include: Digi Connectport Lts 32 Mei Bios, Digi Connectport Lts 32 Mei Firmware. Version information: Version 1.4.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

Share

CVE-2020-6973 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy