PT-2020-19322 · Honeywell · Honeywell Notifier Web Server

Published

2020-04-07

Updated

2020-04-09

CVE-2020-6974

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Honeywell Notifier Web Server (NWS) version 3.50

Description The issue allows an attacker to bypass access to restricted directories through a path traversal attack. Honeywell has released a firmware update to address the problem.

Recommendations For Honeywell Notifier Web Server (NWS) version 3.50, apply the firmware update released by Honeywell to resolve the issue.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2020-6974

Affected Products

Honeywell Notifier Web Server

PT-2020-19322 · Honeywell · Honeywell Notifier Web Server

CVE-2020-6974

Weakness Enumeration

Related Identifiers

Affected Products

References · 4