CVE-2020-11420

Опубликовано: 27 апр. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker with Admin or Engineer login credentials could exploit the vulnerability by manipulating variables that reference files and by doing this achieve access to files and directories outside the web root folder. An attacker may access arbitrary files and directories stored in the file system, but integrity of the files are not jeopardized as attacker have read access rights only.

Ссылки

https://library.e.abb.com/public/ee46f3ff5823400f991ebd9bd43a297e/2CMT2020-005913%20Security%20Advisory%20CS141.pdf
Vendor Advisory
https://www.generex.de/index.php?option=com_content&task=view&id=185&Itemid=249
Release Notes
Vendor Advisory
https://www.generex.de/support/changelogs/cs141/page:2
Release Notes
Vendor Advisory
https://library.e.abb.com/public/ee46f3ff5823400f991ebd9bd43a297e/2CMT2020-005913%20Security%20Advisory%20CS141.pdf
Vendor Advisory
https://www.generex.de/index.php?option=com_content&task=view&id=185&Itemid=249
Release Notes
Vendor Advisory
https://www.generex.de/support/changelogs/cs141/page:2
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:abb:cs141_firmware:*:*:*:*:*:*:*:*

Версия от 1.66 (включая) до 1.88 (включая)

cpe:2.3:h:abb:cs141:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:generex:cs141_firmware:*:*:*:*:*:*:*:*

Версия до 1.90 (исключая)

cpe:2.3:h:generex:cs141:-:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00586

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-x4r3-6m89-mjv9

github

больше 3 лет назад