CVE-2020-9020: OS Command Injection
First published: Mon Feb 17 2020(Updated: )
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Iteris Vantage Velocity Firmware | =2.3.1 | |
| Iteris Vantage Velocity Firmware | =2.4.2 | |
| Iteris Vantage Velocity Firmware | =3.0 | |
| Iteris Vantage Velocity |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-9020?
CVE-2020-9020 is a vulnerability found in Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices that allows the injection of OS commands into cgi-bin/timeconfig.py.
How severe is CVE-2020-9020?
CVE-2020-9020 has a severity rating of 9.8 out of 10, making it critical.
Which devices are affected by CVE-2020-9020?
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices are affected by CVE-2020-9020.
How can the injection of OS commands in Iteris Vantage Velocity Field Unit be exploited?
The injection of OS commands can be exploited by utilizing shell metacharacters in the NTP Server field of cgi-bin/timeconfig.py.
Is Iteris Vantage Velocity vulnerable to CVE-2020-9020?
No, Iteris Vantage Velocity is not vulnerable to CVE-2020-9020.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/iteris
- canonical/iteris vantage velocity firmware
- version/iteris vantage velocity firmware/2.3.1
- version/iteris vantage velocity firmware/2.4.2
- version/iteris vantage velocity firmware/3.0
- canonical/iteris vantage velocity