CVE-2020-6960 — CRITICAL (9.8)

Q: How severe is CVE-2020-6960?

CVE-2020-6960 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2020-6960?

Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Maxpro Nvr Xe Firmware, Honeywell Maxpro Nvr Xe, Honeywell Maxpro Nvr Se Firmware, Honeywell Maxpro Nvr Se, Honeywell Maxpro Nvr Pe Firmware.

Vulnerability Description

The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote unauthenticated access to the web user interface with administrator-level privileges.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Honeywell	Maxpro Nvr Xe Firmware	<= 5.6
Honeywell	Maxpro Nvr Xe	-
Honeywell	Maxpro Nvr Se Firmware	<= 5.6
Honeywell	Maxpro Nvr Se	-
Honeywell	Maxpro Nvr Pe Firmware	<= 5.6
Honeywell	Maxpro Nvr Pe	-
Honeywell	Mpnvrswxx Firmware	<= 5.6
Honeywell	Mpnvrswxx	-
Honeywell	Hnmswvms Firmware	<= vms560
Honeywell	Hnmswvms	-
Honeywell	Hnmswvmslt Firmware	<= vms560
Honeywell	Hnmswvmslt	-

Related Weaknesses (CWE)

CWE-89

References

https://www.us-cert.gov/ics/advisories/icsa-20-021-01Third Party AdvisoryUS Government Resource
https://www.us-cert.gov/ics/advisories/icsa-20-021-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2020-6960?

CVE-2020-6960 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to ...

How severe is CVE-2020-6960?

CVE-2020-6960 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-6960?

Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Maxpro Nvr Xe Firmware, Honeywell Maxpro Nvr Xe, Honeywell Maxpro Nvr Se Firmware, Honeywell Maxpro Nvr Se, Honeywell Maxpro Nvr Pe Firmware.