CVE-2020-14021

Опубликовано: 18 сент. 2020

Источник: nvd

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITY\SYSTEM privileges.

Ссылки

https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14021-Arbitrary%20File%20Read-Ozeki%20SMS%20Gateway
Exploit
Third Party Advisory
https://www.ozeki.hu/index.php?ow_page_number=1017&downloadaction=email&download_product_id=1&os=windows&dpath=%2Fattachments%2F702%2Finstallwindows_1590575794_OzekiNG-SMS-Gateway_4.17.6.zip&dname=Ozeki+NG+SMS+Gateway+v4.17.6&dsize=+%2817.8+MB%29&platform=Windows
Release Notes
Vendor Advisory
https://www.ozeki.hu/index.php?owpn=231
Vendor Advisory
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14021-Arbitrary%20File%20Read-Ozeki%20SMS%20Gateway
Exploit
Third Party Advisory
https://www.ozeki.hu/index.php?ow_page_number=1017&downloadaction=email&download_product_id=1&os=windows&dpath=%2Fattachments%2F702%2Finstallwindows_1590575794_OzekiNG-SMS-Gateway_4.17.6.zip&dname=Ozeki+NG+SMS+Gateway+v4.17.6&dsize=+%2817.8+MB%29&platform=Windows
Release Notes
Vendor Advisory
https://www.ozeki.hu/index.php?owpn=231
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ozeki:ozeki_ng_sms_gateway:*:*:*:*:*:*:*:*

Версия до 4.17.6 (включая)

EPSS

Процентиль: 60%

0.00401

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-4p72-53xh-hr8g

github

больше 3 лет назад