CVE-2020-14224

A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085913	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hcltech:notes:9.0:::::::*
	cpe:2.3:a:hcltech:notes:9.0.1:-::::::

History

No history.

Information

Published : 2020-12-18 23:15

Updated : 2024-02-04 21:23

NVD link : CVE-2020-14224

Mitre link : CVE-2020-14224

CVE.ORG link : CVE-2020-14224

JSON object : View

Products Affected

hcltech

notes

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2020-14224", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-12-18T23:15:13.043", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085913", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user."}, {"lang": "es", "value": "Una vulnerabilidad en el manejo de mensajes MIME del cliente HCL Notes versi\u00f3n v9, podr\u00eda potencialmente ser explotada por un atacante no autenticado, resultando en un desbordamiento del b\u00fafer de pila. Esto podr\u00eda permitir a un atacante remoto bloquear la aplicaci\u00f3n Notes o inyectar c\u00f3digo en el sistema que podr\u00eda ejecutarse con los privilegios del usuario actualmente conectado"}], "lastModified": "2020-12-22T15:02:17.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:notes:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19015D39-9117-4A6E-BCD7-0951CB185399"}, {"criteria": "cpe:2.3:a:hcltech:notes:9.0.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "978E309F-453B-4D9D-8D15-5A6919E8D178"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}