XSS in Digi Connectport_lts_32_mei
CVE-2020-6973
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.008 (53.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.2 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H.
Affected products
- Digi Connectport_lts_32_mei
- Digi Connectport_lts_32_mei_bios — versions 1.2
- Digi Connectport_lts_32_mei_firmware — versions 1.4.3
- N/a Digi International Connectport Lts 32 Mei — versions Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2
Weakness classification (CWE)
References
- ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-6973?
- CVE-2020-6973 is a medium-severity vulnerability in Digi Connectport_lts_32_mei, classified under Cross-site Scripting. CVSS score: 6.2/10. Published 2020-02-13.
- How severe is CVE-2020-6973?
- Medium severity. CVSS v3 base score is 6.2 out of 10.