CVE-2020-6959 — CRITICAL (9.8)

Q: How severe is CVE-2020-6959?

CVE-2020-6959 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2020-6959?

Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Maxpro Nvr Xe Firmware, Honeywell Maxpro Nvr Xe, Honeywell Maxpro Nvr Se Firmware, Honeywell Maxpro Nvr Se, Honeywell Maxpro Nvr Pe Firmware.

Vulnerability Description

The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Honeywell	Maxpro Nvr Xe Firmware	<= 5.6
Honeywell	Maxpro Nvr Xe	-
Honeywell	Maxpro Nvr Se Firmware	<= 5.6
Honeywell	Maxpro Nvr Se	-
Honeywell	Maxpro Nvr Pe Firmware	<= 5.6
Honeywell	Maxpro Nvr Pe	-
Honeywell	Mpnvrswxx Firmware	<= 5.6
Honeywell	Mpnvrswxx	-
Honeywell	Hnmswvms Firmware	<= vms560
Honeywell	Hnmswvms	-
Honeywell	Hnmswvmslt Firmware	<= vms560
Honeywell	Hnmswvmslt	-

Related Weaknesses (CWE)

CWE-502

References

https://www.us-cert.gov/ics/advisories/icsa-20-021-01Third Party AdvisoryUS Government Resource
https://www.us-cert.gov/ics/advisories/icsa-20-021-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2020-6959?

CVE-2020-6959 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to ...

How severe is CVE-2020-6959?

CVE-2020-6959 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-6959?

Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Maxpro Nvr Xe Firmware, Honeywell Maxpro Nvr Xe, Honeywell Maxpro Nvr Se Firmware, Honeywell Maxpro Nvr Se, Honeywell Maxpro Nvr Pe Firmware.