CVE-2020-29145 : What You Need to Know

Learn about CVE-2020-29145, a stored XSS vulnerability in Ericsson BSCS iX R18 Billing & Rating iX R18, enabling account takeover and session hijacking. Find mitigation steps and prevention measures.

In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web-based module that is vulnerable to stored XSS, potentially leading to account takeover and session hijacking.

Understanding CVE-2020-29145

What is CVE-2020-29145?

This CVE identifies a stored XSS vulnerability in the ADMX web-based module of Ericsson BSCS iX R18 Billing & Rating iX R18.

The Impact of CVE-2020-29145

The vulnerability allows attackers to execute malicious scripts via the name or description field, enabling session hijacking and potential account takeover.

Technical Details of CVE-2020-29145

Vulnerability Description

The vulnerability exists in the solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group, whose name and description fields allow stored XSS attacks.

Affected Systems and Versions

        Product: Not applicable
        Vendor: Not applicable
        Versions: Not applicable

Exploitation Mechanism

        Attackers can exploit the vulnerability by injecting malicious scripts into the name or description field, potentially leading to session hijacking and account takeover.

Mitigation and Prevention

Immediate Steps to Take

        Implement input validation to sanitize user inputs and prevent XSS attacks.
        Regularly monitor and audit web applications for any suspicious activities.
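
One way to apply the two steps above to the name and description fields, shown as an added example and not Ericsson's or this page's own code. The field policy, function names and sample records are assumptions constructed for illustration; the code validates on input, HTML-encodes on output, and audits stored records for markup.

```python
import html
import re
import unicodedata

# Assumed field policy (not from Ericsson documentation): names are short
# identifiers, descriptions are free text with a length limit.
NAME_RE = re.compile(r"[A-Za-z0-9 _.\-]{1,64}")
MAX_DESCRIPTION = 256
# Heuristic markers of markup in fields that should hold plain text.
SUSPICIOUS_RE = re.compile(r"<\s*/?\s*[a-z!]|\bon\w+\s*=|javascript\s*:", re.I)


def validate_group(name, description):
    """Return a list of validation errors; an empty list means accepted."""
    errors = []
    name = unicodedata.normalize("NFKC", name)
    description = unicodedata.normalize("NFKC", description)
    if not NAME_RE.fullmatch(name):
        errors.append("name: only letters, digits, space, _ . - (1-64 chars)")
    if len(description) > MAX_DESCRIPTION:
        errors.append("description: too long")
    if any(unicodedata.category(c) == "Cc" and c not in "\n\t" for c in description):
        errors.append("description: control characters not allowed")
    return errors


def render_group_row(name, description):
    """Encode on output so stored values are always rendered as text."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(name, quote=True), html.escape(description, quote=True))


def audit_stored_groups(rows):
    """Return ids of already-stored records whose fields look like markup."""
    return [row["id"] for row in rows
            if SUSPICIOUS_RE.search(row["name"]) or SUSPICIOUS_RE.search(row["description"])]


# Constructed sample records standing in for stored Access Rights Group data.
SAMPLE_ROWS = [
    {"id": 1, "name": "Billing Admins", "description": "Full access to rating"},
    {"id": 2, "name": "Ops", "description": "<script>document.title='x'</script>"},
    {"id": 3, "name": "<img src=x onerror=1>", "description": "Read only"},
]

if __name__ == "__main__":
    print(audit_stored_groups(SAMPLE_ROWS))
    print(render_group_row(SAMPLE_ROWS[1]["name"], SAMPLE_ROWS[1]["description"]))
```

Output encoding is the control that holds even when a value bypasses validation; the audit pattern is a heuristic and will flag some harmless text containing a "<" character.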

Long-Term Security Practices

        Conduct regular security training for developers and administrators on secure coding practices.
        Keep systems and software up to date with the latest security patches.
        Employ web application firewalls to detect and block malicious traffic.

Patching and Updates

        Apply patches and updates provided by Ericsson to address the vulnerability.
