Lucene search

MitreCVE-2012-5053

HistoryMar 07, 2013 - 12:55 a.m.

CVE-2012-5053

2013-03-0700:55:01

CWE-79

mitre

web.nvd.nist.gov

vulnerability

xss

trimble

infrastructure

gnss

receivers

netr3

netr5

netr8

netr9

netrs

cve-2012-5053

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

51.5%

JSON

Cross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

trimbleinfrastructure_gnss_series_receiver_netr3Match-

trimbleinfrastructure_gnss_series_receiver_netr5Match-

trimbleinfrastructure_gnss_series_receiver_netr8Match-

trimbleinfrastructure_gnss_series_receiver_netr9Match-

AND

trimbleinfrastructure_gnss_series_receiver_firmwareRange<4.7.0

Node

trimbleinfrastructure_netrs_receiverMatch-

AND

trimbleinfrastructure_netrs_receiver_firmwareRange<1.3-2

VendorProductVersionCPE
trimbleinfrastructure_gnss_series_receiver_netr3-cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr3:-:*:*:*:*:*:*:*
trimbleinfrastructure_gnss_series_receiver_netr5-cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr5:-:*:*:*:*:*:*:*
trimbleinfrastructure_gnss_series_receiver_netr8-cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr8:-:*:*:*:*:*:*:*
trimbleinfrastructure_gnss_series_receiver_netr9-cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr9:-:*:*:*:*:*:*:*
trimbleinfrastructure_gnss_series_receiver_firmware*cpe:2.3:o:trimble:infrastructure_gnss_series_receiver_firmware:*:*:*:*:*:*:*:*
trimbleinfrastructure_netrs_receiver-cpe:2.3:h:trimble:infrastructure_netrs_receiver:-:*:*:*:*:*:*:*
trimbleinfrastructure_netrs_receiver_firmware*cpe:2.3:o:trimble:infrastructure_netrs_receiver_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
trimble	infrastructure_gnss_series_receiver_netr3	-	cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr3:-:::::::*
trimble	infrastructure_gnss_series_receiver_netr5	-	cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr5:-:::::::*
trimble	infrastructure_gnss_series_receiver_netr8	-	cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr8:-:::::::*
trimble	infrastructure_gnss_series_receiver_netr9	-	cpe:2.3:h:trimble:infrastructure_gnss_series_receiver_netr9:-:::::::*
trimble	infrastructure_gnss_series_receiver_firmware	*	cpe:2.3:o:trimble:infrastructure_gnss_series_receiver_firmware::::::::
trimble	infrastructure_netrs_receiver	-	cpe:2.3:h:trimble:infrastructure_netrs_receiver:-:::::::*
trimble	infrastructure_netrs_receiver_firmware	*	cpe:2.3:o:trimble:infrastructure_netrs_receiver_firmware::::::::

References

archives.neohapsis.com/archives/bugtraq/2013-01/0063.html

trl.trimble.com/docushare/dsweb/Get/Document-636664/NetRS_1%203-2_RelNotes.pdf

trl.trimble.com/docushare/dsweb/Get/Document-644791/Infrastructure_GNSS-SeriesReceivers_4.70_RelNotes.pdf

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

51.5%

JSON

Related for CVE-2012-5053