CVE-2020-6959
First published: Wed Jan 22 2020(Updated: )
The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Honeywell Maxpro Nvr Xe Firmware | <=5.6 | |
| Honeywell Maxpro Nvr Xe | ||
| Honeywell Maxpro Nvr Se Firmware | <=5.6 | |
| Honeywell Maxpro Nvr Se | ||
| Honeywell Maxpro Nvr Pe Firmware | <=5.6 | |
| Honeywell Maxpro Nvr Pe | ||
| Honeywell Mpnvrswxx Firmware | <=5.6 | |
| Honeywell Mpnvrswxx | ||
| Honeywell Hnmswvms Firmware | <=vms560 | |
| Honeywell Hnmswvms | ||
| Honeywell Hnmswvmslt Firmware | <=vms560 | |
| Honeywell Hnmswvmslt |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-6959?
CVE-2020-6959 is a vulnerability in MAXPRO VMS and NVR software versions prior to Version VMS560 Build 595 T2-Patch.
What is the severity of CVE-2020-6959?
CVE-2020-6959 has a severity rating of 9.8 (Critical).
Which software versions are affected by CVE-2020-6959?
MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, Honeywell Mpnvrswxx Firmware versions up to and including 5.6, Honeywell Hnmswvms Firmware versions up to and including vms560, and Honeywell Hnmswvmslt Firmware versions up to and including vms560.
How can I fix CVE-2020-6959?
To fix CVE-2020-6959, users should update their MAXPRO VMS and NVR software to at least Version VMS560 Build 595 T2-Patch or Version NVR 5.6 Build 595 T2-Patch, depending on the affected product.
Where can I find more information about CVE-2020-6959?
You can find more information about CVE-2020-6959 at the following link: [https://www.us-cert.gov/ics/advisories/icsa-20-021-01](https://www.us-cert.gov/ics/advisories/icsa-20-021-01).
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/event
- agent/weakness
- agent/description
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/honeywell
- canonical/honeywell maxpro nvr xe firmware
- version/honeywell maxpro nvr xe firmware/5.6
- canonical/honeywell maxpro nvr xe
- canonical/honeywell maxpro nvr se firmware
- version/honeywell maxpro nvr se firmware/5.6
- canonical/honeywell maxpro nvr se
- canonical/honeywell maxpro nvr pe firmware
- version/honeywell maxpro nvr pe firmware/5.6
- canonical/honeywell maxpro nvr pe
- canonical/honeywell mpnvrswxx firmware
- version/honeywell mpnvrswxx firmware/5.6
- canonical/honeywell mpnvrswxx
- canonical/honeywell hnmswvms firmware
- version/honeywell hnmswvms firmware/vms560
- canonical/honeywell hnmswvms
- canonical/honeywell hnmswvmslt firmware
- version/honeywell hnmswvmslt firmware/vms560
- canonical/honeywell hnmswvmslt