CVE-2020-9029
 
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php.
Los dispositivos Symmetricom SyncServer S100 versión 2.90.70.3, S200 versión 1.30, S250 versión 1.25, S300 versión 2.65.0 y S350 versión 2.80.1, permiten un Salto de Directorio por medio del parámetro FileName a un archivo messagelog.php.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-02-17 CVE Reserved
- 2020-02-17 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://sku11army.blogspot.com/2020/01/symmetricom-syncserver.html | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microchip Search vendor "Microchip" | Syncserver S100 Firmware Search vendor "Microchip" for product "Syncserver S100 Firmware" | 2.90.70.3 Search vendor "Microchip" for product "Syncserver S100 Firmware" and version "2.90.70.3" | - |
Affected
| in | Microchip Search vendor "Microchip" | Syncserver S100 Search vendor "Microchip" for product "Syncserver S100" | - | - |
Safe
|
Microchip Search vendor "Microchip" | Syncserver S200 Firmware Search vendor "Microchip" for product "Syncserver S200 Firmware" | 1.30 Search vendor "Microchip" for product "Syncserver S200 Firmware" and version "1.30" | - |
Affected
| in | Microchip Search vendor "Microchip" | Syncserver S200 Search vendor "Microchip" for product "Syncserver S200" | - | - |
Safe
|
Microchip Search vendor "Microchip" | Syncserver S250 Firmware Search vendor "Microchip" for product "Syncserver S250 Firmware" | 1.25 Search vendor "Microchip" for product "Syncserver S250 Firmware" and version "1.25" | - |
Affected
| in | Microchip Search vendor "Microchip" | Syncserver S250 Search vendor "Microchip" for product "Syncserver S250" | - | - |
Safe
|
Microchip Search vendor "Microchip" | Syncserver S300 Firmware Search vendor "Microchip" for product "Syncserver S300 Firmware" | 2.65.0 Search vendor "Microchip" for product "Syncserver S300 Firmware" and version "2.65.0" | - |
Affected
| in | Microchip Search vendor "Microchip" | Syncserver S300 Search vendor "Microchip" for product "Syncserver S300" | - | - |
Safe
|
Microchip Search vendor "Microchip" | Syncserver S350 Firmware Search vendor "Microchip" for product "Syncserver S350 Firmware" | 2.80.1 Search vendor "Microchip" for product "Syncserver S350 Firmware" and version "2.80.1" | - |
Affected
| in | Microchip Search vendor "Microchip" | Syncserver S350 Search vendor "Microchip" for product "Syncserver S350" | - | - |
Safe
|