CVE-2020-16230

Published: Sep 18, 2020Modified: Nov 21, 2024

2.3

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Exploitability: 0.8 / Impact: 1.4

Source: NVD

Description

All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing.

Affected (2)

Products: Hms Networks: Ewon Flexy Firmware, Ewon Cosy Firmware

Hms Networks

2 products

Ewon Flexy Firmware

Ewon Cosy Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hms Networks Ewon Flexy Firmware	Before 14.1

Running on/with	Platform Versions
Hms Networks Ewon Flexy	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hms Networks Ewon Cosy Firmware	Before 14.1

Running on/with	Platform Versions
Hms Networks Ewon Cosy	All versions

References (2)

https://us-cert.cisa.gov/ics/advisories/icsa-20-254-03

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://us-cert.cisa.gov/ics/advisories/icsa-20-254-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.