CVE编号
CVE-2020-14497利用情况
暂无补丁情况
N/A披露时间
2020-07-15漏洞描述
Advantech iView是Advantech公司提供的一款设备管理应用。<br /> Advantech iView 5.6及之前版本中存在SQL注入漏洞。攻击者可利用该漏洞获取用户凭据,读取或修改信息,并执行代码。解决建议
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://support.advantech.com/support/KnowledgeBaseSRDetail_New.aspx?SR_ID=1-HIPU-181&Doc_Source=Knowledge+Base
参考链接 |
|
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-827/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-828/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-830/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-832/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-833/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-835/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-836/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-837/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-838/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-839/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-842/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-843/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-844/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-845/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-846/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-847/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-848/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-849/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-850/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-851/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-852/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-853/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-854/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-855/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-856/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-857/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-858/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-860/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-861/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-862/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-863/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-864/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-865/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-866/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-868/ | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-869/ |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | advantech | iview | * |
Up to (including) 5.6 |
|||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 无
- 影响范围 未更改
- 用户交互 无
- 可用性 高
- 保密性 高
- 完整性 高
还没有评论,来说两句吧...