CVE-2020-29145

In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the beef framework.

CVSS v3 5.4 MEDIUM
CVSS v2.0 3.5 LOW

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://the-it-wonders.blogspot.com/2020/01/ericsson-bscs-ix-r18-billing-rating.html	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ericsson:bscs_ix_r18_billing_\&_rating_admx:-:::::::*
	cpe:2.3:a:ericsson:bscs_ix_r18_billing_\&_rating_mx:-:::::::*

History

No history.

Information

Published : 2020-11-27 04:15

Updated : 2024-02-04 21:23

NVD link : CVE-2020-29145

Mitre link : CVE-2020-29145

CVE.ORG link : CVE-2020-29145

JSON object : View

Products Affected

ericsson

bscs_ix_r18_billing_\&_rating_admx
bscs_ix_r18_billing_\&_rating_mx

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2020-29145", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2020-11-27T04:15:10.307", "references": [{"url": "http://the-it-wonders.blogspot.com/2020/01/ericsson-bscs-ix-r18-billing-rating.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the beef framework."}, {"lang": "es", "value": "En Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX es un m\u00f3dulo de base web en BSCS iX que es vulnerable a un ataque de tipo XSS almacenado por medio del campo name o description en un Access Rights Group de solutionUnitServlet?SuName=UserReferenceDataSU. En la mayor\u00eda de los casos de prueba, el secuestro de sesiones tambi\u00e9n fue posible usando una vulnerabilidad de tipo XSS. Esto potencialmente permite la toma de control total de la cuenta o la explotaci\u00f3n de los navegadores de los administradores mediante el uso del framework beef"}], "lastModified": "2020-12-04T02:56:19.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ericsson:bscs_ix_r18_billing_\\&_rating_admx:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63CC94DB-B085-460F-99DF-6F70AA2400F5"}, {"criteria": "cpe:2.3:a:ericsson:bscs_ix_r18_billing_\\&_rating_mx:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28A2EF02-A725-4C31-B5B4-8B6D88E6497D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}