CVE-2020-15858
Telit Cinterion IoT Traversal / Escalation / Bypass / Heap Overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for customer Java applications, TLS and OTAP (Java over-the-air-provisioning) functionality. The affected products and releases are: BGS5 up to and including SW RN 02.000 / ARN 01.001.06 EHSx and PDSx up to and including SW RN 04.003 / ARN 01.000.04 ELS61 up to and including SW RN 02.002 / ARN 01.000.04 ELS81 up to and including SW RN 05.002 / ARN 01.000.04 PLS62 up to and including SW RN 02.000 / ARN 01.000.04
Algunos dispositivos de Thales DIS (anteriormente Gemalto, anteriormente Cinterion), permiten un Salto de Directorio a atacantes físicamente próximos. La comprobación de acceso de ruta del directorio del sistema de archivos flash interno puede ser omitido. Este sistema de archivos flash puede almacenar datos específicos de la aplicación y los datos necesarios para las aplicaciones Java del cliente, la funcionalidad TLS y OTAP (aprovisionamiento por aire de Java). Los productos y versiones afectados son: BGS5 versión hasta e incluyendo a SW RN 02.000 / ARN 01.001.06, EHSx y PDSx versión hasta e incluyendo a SW RN 04.003 / ARN 01.000.04, ELS61 versión hasta e incluyendo a SW RN 02.002 / ARN 01.000.04, ELS81 versión hasta e incluyendo a SW RN 05.002 / ARN 01.000.04, PLS62 versión hasta e incluyendo a SW RN 02.000 / ARN 01.000.04
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-07-20 CVE Reserved
- 2020-08-21 CVE Published
- 2024-06-25 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/171978/Telit-Cinterion-IoT-Traversal-Escalation-Bypass-Heap-Overflow.html |
|
|
| http://seclists.org/fulldisclosure/2023/Apr/11 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Thalesgroup Search vendor "Thalesgroup" | Bgs5 Firmware Search vendor "Thalesgroup" for product "Bgs5 Firmware" | <= rn_02.000_\/_arn_01.001.06 Search vendor "Thalesgroup" for product "Bgs5 Firmware" and version " <= rn_02.000_\/_arn_01.001.06" | - |
Affected
| in | Thalesgroup Search vendor "Thalesgroup" | Bgs5 Search vendor "Thalesgroup" for product "Bgs5" | - | - |
Safe
|
| Thalesgroup Search vendor "Thalesgroup" | Ehs5 Firmware Search vendor "Thalesgroup" for product "Ehs5 Firmware" | <= rn_04.003_\/_arn_01.000.04 Search vendor "Thalesgroup" for product "Ehs5 Firmware" and version " <= rn_04.003_\/_arn_01.000.04" | - |
Affected
| in | Thalesgroup Search vendor "Thalesgroup" | Ehs5 Search vendor "Thalesgroup" for product "Ehs5" | - | - |
Safe
|
| Thalesgroup Search vendor "Thalesgroup" | Ehs8 Firmware Search vendor "Thalesgroup" for product "Ehs8 Firmware" | <= rn_04.003_\/_arn_01.000.04 Search vendor "Thalesgroup" for product "Ehs8 Firmware" and version " <= rn_04.003_\/_arn_01.000.04" | - |
Affected
| in | Thalesgroup Search vendor "Thalesgroup" | Ehs8 Search vendor "Thalesgroup" for product "Ehs8" | - | - |
Safe
|
| Thalesgroup Search vendor "Thalesgroup" | Ehs6 Firmware Search vendor "Thalesgroup" for product "Ehs6 Firmware" | <= rn_04.003_\/_arn_01.000.04 Search vendor "Thalesgroup" for product "Ehs6 Firmware" and version " <= rn_04.003_\/_arn_01.000.04" | - |
Affected
| in | Thalesgroup Search vendor "Thalesgroup" | Ehs6 Search vendor "Thalesgroup" for product "Ehs6" | - | - |
Safe
|
| Thalesgroup Search vendor "Thalesgroup" | Pds5 Firmware Search vendor "Thalesgroup" for product "Pds5 Firmware" | <= rn_04.003_\/_arn_01.000.04 Search vendor "Thalesgroup" for product "Pds5 Firmware" and version " <= rn_04.003_\/_arn_01.000.04" | - |
Affected
| in | Thalesgroup Search vendor "Thalesgroup" | Pds5 Search vendor "Thalesgroup" for product "Pds5" | - | - |
Safe
|
| Thalesgroup Search vendor "Thalesgroup" | Pds6 Firmware Search vendor "Thalesgroup" for product "Pds6 Firmware" | <= rn_04.003_\/_arn_01.000.04 Search vendor "Thalesgroup" for product "Pds6 Firmware" and version " <= rn_04.003_\/_arn_01.000.04" | - |
Affected
| in | Thalesgroup Search vendor "Thalesgroup" | Pds6 Search vendor "Thalesgroup" for product "Pds6" | - | - |
Safe
|
| Thalesgroup Search vendor "Thalesgroup" | Els61 Firmware Search vendor "Thalesgroup" for product "Els61 Firmware" | <= rn_02.002_\/_arn_01.000.04 Search vendor "Thalesgroup" for product "Els61 Firmware" and version " <= rn_02.002_\/_arn_01.000.04" | - |
Affected
| in | Thalesgroup Search vendor "Thalesgroup" | Els61 Search vendor "Thalesgroup" for product "Els61" | - | - |
Safe
|
| Thalesgroup Search vendor "Thalesgroup" | Els81 Firmware Search vendor "Thalesgroup" for product "Els81 Firmware" | <= rn_05.002_\/_arn_01.000.04 Search vendor "Thalesgroup" for product "Els81 Firmware" and version " <= rn_05.002_\/_arn_01.000.04" | - |
Affected
| in | Thalesgroup Search vendor "Thalesgroup" | Els81 Search vendor "Thalesgroup" for product "Els81" | - | - |
Safe
|
| Thalesgroup Search vendor "Thalesgroup" | Pls62 Firmware Search vendor "Thalesgroup" for product "Pls62 Firmware" | <= rn_02.000_\/_arn_01.000.04 Search vendor "Thalesgroup" for product "Pls62 Firmware" and version " <= rn_02.000_\/_arn_01.000.04" | - |
Affected
| in | Thalesgroup Search vendor "Thalesgroup" | Pls62 Search vendor "Thalesgroup" for product "Pls62" | - | - |
Safe
|