CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-9020

Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 66.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

https://sku11army.blogspot.com/2020/01/iteris-vantage-velocity-field-unit-os.html
https://sku11army.blogspot.com/2020/01/iteris-vantage-velocity-field-unit-os.html

Products affected by CVE-2020-9020

Iteris » Vantage Velocity » Version: N/A

cpe:2.3:h:iteris:vantage_velocity:-
Iteris » Vantage Velocity Firmware » Version: 2.3.1

cpe:2.3:o:iteris:vantage_velocity_firmware:2.3.1
Iteris » Vantage Velocity Firmware » Version: 2.4.2

cpe:2.3:o:iteris:vantage_velocity_firmware:2.4.2
Iteris » Vantage Velocity Firmware » Version: 3.0

cpe:2.3:o:iteris:vantage_velocity_firmware:3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-9020

Products

Pricing

Contact Us