First published: Mon Feb 17 2020
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Iteris Vantage Velocity Firmware | =2.3.1 | |
Iteris Vantage Velocity Firmware | =2.4.2 | |
Iteris Vantage Velocity Firmware | =3.0 | |
Iteris Vantage Velocity | | |
CVE-2020-9020 is a vulnerability found in Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices that allows the injection of OS commands into cgi-bin/timeconfig.py.
CVE-2020-9020 has a severity rating of 9.8 out of 10, making it critical.
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices are affected by CVE-2020-9020.
The injection of OS commands can be exploited by utilizing shell metacharacters in the NTP Server field of cgi-bin/timeconfig.py.
No, Iteris Vantage Velocity is not vulnerable to CVE-2020-9020.