CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-13122

The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the "show status destination ipaddr" command. This could be used by a read-only user (monitoring group) or admin to execute commands on the operating system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.075

EPSS Ranking 91.4%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 8.0

References

https://drive.google.com/file/d/1iL4cc0ZbQK9s190DbFQD7mWYbBH-vlJb/view?usp=sharing
https://drive.google.com/file/d/1iL4cc0ZbQK9s190DbFQD7mWYbBH-vlJb/view?usp=sharing

Products affected by CVE-2020-13122

Noviflow » Noviware » Version: N/A

cpe:2.3:o:noviflow:noviware:-
Noviflow » Noviware » Version: nw500.2.12

cpe:2.3:o:noviflow:noviware:nw500.2.12

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-13122

Products

Pricing

Contact Us