Lucene search

[email protected]NVD:CVE-2020-9032

HistoryFeb 17, 2020 - 4:15 a.m.

CVE-2020-9032

2020-02-1704:15:11

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

48.3%

JSON

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php.

Affected configurations

Nvd

Node

microchipsyncserver_s100_firmwareMatch2.90.70.3

AND

microchipsyncserver_s100Match-

Node

microchipsyncserver_s200_firmwareMatch1.30

AND

microchipsyncserver_s200Match-

Node

microchipsyncserver_s250_firmwareMatch1.25

AND

microchipsyncserver_s250Match-

Node

microchipsyncserver_s300_firmwareMatch2.65.0

AND

microchipsyncserver_s300Match-

Node

microchipsyncserver_s350_firmwareMatch2.80.1

AND

microchipsyncserver_s350Match-

VendorProductVersionCPE
microchipsyncserver_s100_firmware2.90.70.3cpe:2.3:o:microchip:syncserver_s100_firmware:2.90.70.3:*:*:*:*:*:*:*
microchipsyncserver_s100-cpe:2.3:h:microchip:syncserver_s100:-:*:*:*:*:*:*:*
microchipsyncserver_s200_firmware1.30cpe:2.3:o:microchip:syncserver_s200_firmware:1.30:*:*:*:*:*:*:*
microchipsyncserver_s200-cpe:2.3:h:microchip:syncserver_s200:-:*:*:*:*:*:*:*
microchipsyncserver_s250_firmware1.25cpe:2.3:o:microchip:syncserver_s250_firmware:1.25:*:*:*:*:*:*:*
microchipsyncserver_s250-cpe:2.3:h:microchip:syncserver_s250:-:*:*:*:*:*:*:*
microchipsyncserver_s300_firmware2.65.0cpe:2.3:o:microchip:syncserver_s300_firmware:2.65.0:*:*:*:*:*:*:*
microchipsyncserver_s300-cpe:2.3:h:microchip:syncserver_s300:-:*:*:*:*:*:*:*
microchipsyncserver_s350_firmware2.80.1cpe:2.3:o:microchip:syncserver_s350_firmware:2.80.1:*:*:*:*:*:*:*
microchipsyncserver_s350-cpe:2.3:h:microchip:syncserver_s350:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microchip	syncserver_s100_firmware	2.90.70.3	cpe:2.3:o:microchip:syncserver_s100_firmware:2.90.70.3:::::::*
microchip	syncserver_s100	-	cpe:2.3:h:microchip:syncserver_s100:-:::::::*
microchip	syncserver_s200_firmware	1.30	cpe:2.3:o:microchip:syncserver_s200_firmware:1.30:::::::*
microchip	syncserver_s200	-	cpe:2.3:h:microchip:syncserver_s200:-:::::::*
microchip	syncserver_s250_firmware	1.25	cpe:2.3:o:microchip:syncserver_s250_firmware:1.25:::::::*
microchip	syncserver_s250	-	cpe:2.3:h:microchip:syncserver_s250:-:::::::*
microchip	syncserver_s300_firmware	2.65.0	cpe:2.3:o:microchip:syncserver_s300_firmware:2.65.0:::::::*
microchip	syncserver_s300	-	cpe:2.3:h:microchip:syncserver_s300:-:::::::*
microchip	syncserver_s350_firmware	2.80.1	cpe:2.3:o:microchip:syncserver_s350_firmware:2.80.1:::::::*
microchip	syncserver_s350	-	cpe:2.3:h:microchip:syncserver_s350:-:::::::*

References

sku11army.blogspot.com/2020/01/symmetricom-syncserver.html

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

48.3%

JSON

Related for NVD:CVE-2020-9032

prion1 cve1 cvelist1