CVE-2020-17503 - Vulnerability Details - OpenCVE

The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameter "locking" is not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Barco	Transform N Transform Ndn-210 Lite Transform Ndn-210 Pro Transform Ndn-211 Lite Transform Ndn-211 Pro

Configuration 1 [-]

AND

cpe:2.3:o:barco:transform_n:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:barco:transform_ndn-210_lite:-:::::::*
	cpe:2.3:h:barco:transform_ndn-210_pro:-:::::::*
	cpe:2.3:h:barco:transform_ndn-211_lite:-:::::::*
	cpe:2.3:h:barco:transform_ndn-211_pro:-:::::::*

No data.

References

Link	Providers
https://www.barco.com/en/support/cms
https://www.barco.com/en/support/knowledge-base/kb11589
https://www.barco.com/en/support/transform-n-management-server

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-01-08T17:17:37

Updated: 2024-08-04T14:00:47.519Z

Reserved: 2020-08-12T00:00:00

Link: CVE-2020-17503

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-01-08T18:15:13.090

Modified: 2024-11-21T05:08:14.413

Link: CVE-2020-17503

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameter \"locking\" is not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-08T17:17:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.barco.com/en/support/transform-n-management-server"}, {"tags": ["x_refsource_MISC"], "url": "https://www.barco.com/en/support/cms"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.barco.com/en/support/knowledge-base/kb11589"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-17503", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameter \"locking\" is not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.barco.com/en/support/transform-n-management-server", "refsource": "MISC", "url": "https://www.barco.com/en/support/transform-n-management-server"}, {"name": "https://www.barco.com/en/support/cms", "refsource": "MISC", "url": "https://www.barco.com/en/support/cms"}, {"name": "https://www.barco.com/en/support/knowledge-base/kb11589", "refsource": "CONFIRM", "url": "https://www.barco.com/en/support/knowledge-base/kb11589"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T14:00:47.519Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.barco.com/en/support/transform-n-management-server"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.barco.com/en/support/cms"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.barco.com/en/support/knowledge-base/kb11589"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-17503", "datePublished": "2021-01-08T17:17:37", "dateReserved": "2020-08-12T00:00:00", "dateUpdated": "2024-08-04T14:00:47.519Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:barco:transform_n:*:*:*:*:*:*:*:*", "matchCriteriaId": "094B6FC0-DA52-4C94-8992-13522E60090C", "versionEndExcluding": "3.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:barco:transform_ndn-210_lite:-:*:*:*:*:*:*:*", "matchCriteriaId": "2BD8D359-AD98-4C2E-BBB6-16E4D00C9FA8", "vulnerable": false}, {"criteria": "cpe:2.3:h:barco:transform_ndn-210_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "44DD99C7-46AC-43FF-86AB-0B4CC222C902", "vulnerable": false}, {"criteria": "cpe:2.3:h:barco:transform_ndn-211_lite:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8BF9D72-7D56-4E72-A66C-62D4232C57B6", "vulnerable": false}, {"criteria": "cpe:2.3:h:barco:transform_ndn-211_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "C9F7E77D-CCD3-4FF6-8D5E-0F745136B339", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameter \"locking\" is not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards."}, {"lang": "es", "value": "El NDN-210 presenta un panel de administraci\u00f3n web que est\u00e1 disponible a trav\u00e9s de https. Se presenta un problema de inyecci\u00f3n de comando que permitir\u00e1 a usuarios autenticados en el panel de administraci\u00f3n llevar a cabo una ejecuci\u00f3n de c\u00f3digo remota autenticada. Se presenta un problema en el archivo split_card_cmd.php en el que el par\u00e1metro http \"locking\" no es manejado apropiadamente. El NDN-210 es parte de la soluci\u00f3n de Barco TransForm N y esta vulnerabilidad est\u00e1 parcheada a partir de TransForm N versi\u00f3n 3.8 en adelante"}], "id": "CVE-2020-17503", "lastModified": "2024-11-21T05:08:14.413", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-08T18:15:13.090", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.barco.com/en/support/cms"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.barco.com/en/support/knowledge-base/kb11589"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://www.barco.com/en/support/transform-n-management-server"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.barco.com/en/support/cms"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.barco.com/en/support/knowledge-base/kb11589"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Vendor Advisory"], "url": "https://www.barco.com/en/support/transform-n-management-server"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}