CVE-2014-5417

Published Nov 5, 2014

Last updated 9 years ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: ics-cert@hq.dhs.gov
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:meinberg:ntp_server_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9ECC0D7C-3328-432F-8048-CA46CE46C184"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:meinberg:lantime_m100:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E0C144F-4A90-43DC-982E-2330DF8FF698",
            "versionEndIncluding": "6.15.0.19"
          },
          {
            "criteria": "cpe:2.3:h:meinberg:lantime_m200:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDB2B731-6454-430D-8F63-7C77D54EAF63",
            "versionEndIncluding": "6.15.0.19"
          },
          {
            "criteria": "cpe:2.3:h:meinberg:lantime_m300:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B34BA5C-CCE1-408B-86AB-073AC4C7266F",
            "versionEndIncluding": "6.15.0.19"
          },
          {
            "criteria": "cpe:2.3:h:meinberg:lantime_m3000:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF533BFB-F7F9-4352-8178-4BC668A56C69",
            "versionEndIncluding": "6.15.0.19"
          },
          {
            "criteria": "cpe:2.3:h:meinberg:lantime_m400:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAEF244D-4FAC-4D2F-8694-6DF0CFEDFBFA",
            "versionEndIncluding": "6.15.0.19"
          },
          {
            "criteria": "cpe:2.3:h:meinberg:lantime_m600:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B6AAA23-D87F-4BDD-A147-6689E75D3800",
            "versionEndIncluding": "6.15.0.19"
          },
          {
            "criteria": "cpe:2.3:h:meinberg:lantime_m900:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1D98DB4-88A1-4113-A7B7-ECE0FC616371",
            "versionEndIncluding": "6.15.0.19"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References