Lucene search

[email protected]NVD:CVE-2020-25174

HistoryNov 06, 2020 - 5:15 p.m.

CVE-2020-25174

2020-11-0617:15:12

CWE-427

[email protected]

web.nvd.nist.gov

dll hijacking

b. braun onlinesuite

local attackers

code execution

high privileged user.

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

31.9%

JSON

A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user.

Affected configurations

Nvd

Node

bbraunonlinesuite_application_packageRange≤3.0

VendorProductVersionCPE
bbraunonlinesuite_application_package*cpe:2.3:a:bbraun:onlinesuite_application_package:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bbraun	onlinesuite_application_package	*	cpe:2.3:a:bbraun:onlinesuite_application_package::::::::

References

us-cert.cisa.gov/ics/advisories/icsma-20-296-01

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

31.9%

JSON

Related for NVD:CVE-2020-25174

cvelist1 prion1 cve1 ics1