CVE-2020-5648

Published Nov 6, 2020

Last updated 3 months ago

CVSS critical 9.8

Overview

Description: Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet.
Source: vultures@jpcert.or.jp
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-88

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mitsubishielectric:coreos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44FA010C-360A-4DE4-8F59-C67EA0569B2A",
            "versionEndIncluding": "05.65.00.bd"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:gt1450-qlbde:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F587B0E6-D2B1-47CC-80FE-8004698E4F71"
          },
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:gt1450-qmbde:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FF218A1A-4B6D-4510-80A7-CC22B8D027A4"
          },
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:gt1450hs-qmbde:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FE9E2C66-4742-4D50-A2AC-AE097BEF7CBE"
          },
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:gt1455-qtbde:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D2726AE6-8870-4FB3-B15C-88AAB26FBB9F"
          },
          {
            "criteria": "cpe:2.3:h:mitsubishielectric:gt1455hs-qtbde:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3B4C3649-B5DF-4D62-A1EC-4A9DD2CA128A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References