ID

VAR-202007-0399


CVE

CVE-2020-14503


TITLE

Input verification vulnerability in Advantech iView

Trust: 0.8

sources: JVNDB: JVNDB-2020-007697

DESCRIPTION

Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code. It may also be put into a denial-of-service (DoS) state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation of user-supplied data prior to further processing. Advantech iView is a device management application provided by Advantech.

Trust: 2.88

sources: NVD: CVE-2020-14503 // JVNDB: JVNDB-2020-007697 // ZDI: ZDI-20-834 // CNVD: CNVD-2020-54157 // VULHUB: VHN-167388

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-54157

AFFECTED PRODUCTS

vendor: advantech
model: iview
scope: lte
version: 5.6

Trust: 1.0

vendor: advantech
model: iview
scope: eq
version: 5.6

Trust: 0.8

vendor: advantech
model: iview
scope: -
version: -

Trust: 0.7

vendor: advantech
model: iview
scope: lte
version: <=5.6

Trust: 0.6

sources: ZDI: ZDI-20-834 // CNVD: CNVD-2020-54157 // JVNDB: JVNDB-2020-007697 // NVD: CVE-2020-14503

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-14503
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-007697
value: CRITICAL

Trust: 0.8

ZDI: CVE-2020-14503
value: CRITICAL

Trust: 0.7

CNVD: CNVD-2020-54157
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202007-958
value: CRITICAL

Trust: 0.6

VULHUB: VHN-167388
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-14503
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007697
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-54157
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-167388
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-14503
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007697
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-14503
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-834 // CNVD: CNVD-2020-54157 // VULHUB: VHN-167388 // JVNDB: JVNDB-2020-007697 // CNNVD: CNNVD-202007-958 // NVD: CVE-2020-14503

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-167388 // JVNDB: JVNDB-2020-007697 // NVD: CVE-2020-14503

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-958

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-958

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007697

PATCH

title: Top Page
url: https://www.advantech.co.jp/

Trust: 0.8

title: Advantech has issued an update to correct this vulnerability.
url: https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33

Trust: 0.7

title: Patch for Advantech iView input verification vulnerability (CVE-2020-14503)
url: https://www.cnvd.org.cn/patchInfo/show/235648

Trust: 0.6

title: Fix for the Advantech iView input verification error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124488

Trust: 0.6

sources: ZDI: ZDI-20-834 // CNVD: CNVD-2020-54157 // JVNDB: JVNDB-2020-007697 // CNNVD: CNNVD-202007-958

EXTERNAL IDS

db: NVD
id: CVE-2020-14503

Trust: 3.8

db: ICS CERT
id: ICSA-20-196-01

Trust: 2.5

db: ZDI
id: ZDI-20-834

Trust: 2.4

db: JVN
id: JVNVU95694616

Trust: 0.8

db: JVNDB
id: JVNDB-2020-007697

Trust: 0.8

db: ZDI_CAN
id: ZDI-CAN-10646

Trust: 0.7

db: CNVD
id: CNVD-2020-54157

Trust: 0.7

db: CNNVD
id: CNNVD-202007-958

Trust: 0.7

db: NSFOCUS
id: 47219

Trust: 0.6

db: AUSCERT
id: ESB-2020.2382

Trust: 0.6

db: VULHUB
id: VHN-167388

Trust: 0.1

sources: ZDI: ZDI-20-834 // CNVD: CNVD-2020-54157 // VULHUB: VHN-167388 // JVNDB: JVNDB-2020-007697 // CNNVD: CNNVD-202007-958 // NVD: CVE-2020-14503

REFERENCES

url: https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01

Trust: 3.1

url: https://nvd.nist.gov/vuln/detail/cve-2020-14503

Trust: 2.0

url: https://www.zerodayinitiative.com/advisories/zdi-20-834/

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14503

Trust: 0.8

url: https://jvn.jp/vu/jvnvu95694616/

Trust: 0.8

url: https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33

Trust: 0.7

url: http://www.nsfocus.net/vulndb/47219

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2020.2382/

Trust: 0.6

sources: ZDI: ZDI-20-834 // CNVD: CNVD-2020-54157 // VULHUB: VHN-167388 // JVNDB: JVNDB-2020-007697 // CNNVD: CNNVD-202007-958 // NVD: CVE-2020-14503

CREDITS

rgod

Trust: 0.7

sources: ZDI: ZDI-20-834

SOURCES

db: ZDI, id: ZDI-20-834
db: CNVD, id: CNVD-2020-54157
db: VULHUB, id: VHN-167388
db: JVNDB, id: JVNDB-2020-007697
db: CNNVD, id: CNNVD-202007-958
db: NVD, id: CVE-2020-14503

LAST UPDATE DATE

2024-08-14T14:03:39+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-20-834, date: 2020-07-16T00:00:00
db: CNVD, id: CNVD-2020-54157, date: 2020-09-27T00:00:00
db: VULHUB, id: VHN-167388, date: 2020-07-23T00:00:00
db: JVNDB, id: JVNDB-2020-007697, date: 2020-08-21T00:00:00
db: CNNVD, id: CNNVD-202007-958, date: 2020-12-31T00:00:00
db: NVD, id: CVE-2020-14503, date: 2020-07-23T19:26:29.337

SOURCES RELEASE DATE

db: ZDI, id: ZDI-20-834, date: 2020-07-16T00:00:00
db: CNVD, id: CNVD-2020-54157, date: 2020-09-27T00:00:00
db: VULHUB, id: VHN-167388, date: 2020-07-15T00:00:00
db: JVNDB, id: JVNDB-2020-007697, date: 2020-08-21T00:00:00
db: CNNVD, id: CNNVD-202007-958, date: 2020-07-14T00:00:00
db: NVD, id: CVE-2020-14503, date: 2020-07-15T03:15:50.687