CVE-2020-25189
Published 2020-11-21
Priority: P262 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.54% (83.0th percentile)
The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paradox | ip150_firmware | — | — |
| paradox | ip150_firmware | — | — |
Detection & IOCs
- Target device is Paradox IP150 firmware version 5.02.09; detect exploitation attempts as unauthenticated remote stack-based buffer overflow traffic directed at IP150 devices on the network.
- CVE-2020-25189 requires no authentication (PR:N, UI:N per CVSS vector); any unauthenticated inbound connection to an IP150 device should be treated as suspicious and monitored for oversized input payloads indicative of buffer overflow attempts.
- Update A broadened the affected scope from only firmware version 5.02.09 to ALL firmware versions of the Paradox IP150; detection and patching scope should cover all deployed firmware versions, not just 5.02.09.
- No known public exploits specifically target these vulnerabilities at time of advisory publication; however, the low attack complexity (AC:L) and no-authentication requirement make exploitation straightforward if a device is internet-exposed.
CVSS provenance
- nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
CISA ICS
Paradox IP150 (Update A)
cisa_ics·2021-11-17·CVSS 8.8
[HIGH] Paradox IP150 (Update A)
ICS Advisory
## Paradox IP150 (Update A)
Last Revised: September 19, 2022
Alert Code: ICSA-20-324-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Paradox
- Equipment: IP150
- Vulnerabilities: Stack-based Buffer Overflow, Classic Buffer Overflow
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSMA-20-324-02 Paradox IP150 that was published November 17, 2021, to the ICS webpage at www.cisa.gov/uscert.
## 3. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow
GHSA
GHSA-jqwj-jqv8-9wmv
ghsa_unreviewed·2022-05-24
CVE-2020-25189 [CRITICAL] CWE-121 GHSA-jqwj-jqv8-9wmv
The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-11-21