Lucene search

[email protected]NVD:CVE-2020-17385

HistoryAug 25, 2020 - 8:15 a.m.

CVE-2020-17385

2020-08-2508:15:10

CWE-22

[email protected]

web.nvd.nist.gov

cellopoint cellos

url input validation

path traversal attack

cve-2020-17385

unauthorized access

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

64.7%

JSON

Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system.

Affected configurations

Nvd

Node

cellopointcellosMatch4.1.10build20190922

VendorProductVersionCPE
cellopointcellos4.1.10cpe:2.3:o:cellopoint:cellos:4.1.10:build20190922:*:*:*:*:*:*

Vendor	Product	Version	CPE
cellopoint	cellos	4.1.10	cpe:2.3:o:cellopoint:cellos:4.1.10:build20190922::::::

References

www.twcert.org.tw/tw/cp-132-3846-7790c-1.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

64.7%

JSON

Related for NVD:CVE-2020-17385

prion1 cve1 cvelist1