Lucene search

SecomeaCVE-2020-29022

HistoryFeb 16, 2021 - 4:15 p.m.

CVE-2020-29022

2021-02-1616:15:12

CWE-159

Secomea

web.nvd.nist.gov

cve

2020

29022

failure

sanitize

host

header

gatemanager

web server

cache

poisoning

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

35.9%

JSON

Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3

Affected configurations

Nvd

Node

secomeagatemanager_4250Match-

AND

secomeagatemanager_4250_firmware

Node

secomeagatemanager_4260Match-

AND

secomeagatemanager_4260_firmware

Node

secomeagatemanager_9250Match-

AND

secomeagatemanager_9250_firmware

Node

secomeagatemanager_8250Match-

AND

secomeagatemanager_8250_firmwareRange<9.3

VendorProductVersionCPE
secomeagatemanager_4250-cpe:2.3:h:secomea:gatemanager_4250:-:*:*:*:*:*:*:*
secomeagatemanager_4250_firmware*cpe:2.3:o:secomea:gatemanager_4250_firmware:*:*:*:*:*:*:*:*
secomeagatemanager_4260-cpe:2.3:h:secomea:gatemanager_4260:-:*:*:*:*:*:*:*
secomeagatemanager_4260_firmware*cpe:2.3:o:secomea:gatemanager_4260_firmware:*:*:*:*:*:*:*:*
secomeagatemanager_9250-cpe:2.3:h:secomea:gatemanager_9250:-:*:*:*:*:*:*:*
secomeagatemanager_9250_firmware*cpe:2.3:o:secomea:gatemanager_9250_firmware:*:*:*:*:*:*:*:*
secomeagatemanager_8250-cpe:2.3:h:secomea:gatemanager_8250:-:*:*:*:*:*:*:*
secomeagatemanager_8250_firmware*cpe:2.3:o:secomea:gatemanager_8250_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
secomea	gatemanager_4250	-	cpe:2.3:h:secomea:gatemanager_4250:-:::::::*
secomea	gatemanager_4250_firmware	*	cpe:2.3:o:secomea:gatemanager_4250_firmware::::::::
secomea	gatemanager_4260	-	cpe:2.3:h:secomea:gatemanager_4260:-:::::::*
secomea	gatemanager_4260_firmware	*	cpe:2.3:o:secomea:gatemanager_4260_firmware::::::::
secomea	gatemanager_9250	-	cpe:2.3:h:secomea:gatemanager_9250:-:::::::*
secomea	gatemanager_9250_firmware	*	cpe:2.3:o:secomea:gatemanager_9250_firmware::::::::
secomea	gatemanager_8250	-	cpe:2.3:h:secomea:gatemanager_8250:-:::::::*
secomea	gatemanager_8250_firmware	*	cpe:2.3:o:secomea:gatemanager_8250_firmware::::::::

CNA Affected

[
  {
    "product": "GateManager",
    "vendor": "Secomea",
    "versions": [
      {
        "lessThan": "9.3",
        "status": "affected",
        "version": "all",
        "versionType": "custom"
      }
    ]
  }
]

References

www.secomea.com/support/cybersecurity-advisory/#2923

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

35.9%

JSON

Related for CVE-2020-29022