CVE-2020-29026

{"id": "CVE-2020-29026", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "VulnerabilityReporting@secomea.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2021-02-15T16:15:14.527", "references": [{"url": "https://www.secomea.com/support/cybersecurity-advisory/#2918", "tags": ["Vendor Advisory"], "source": "VulnerabilityReporting@secomea.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "VulnerabilityReporting@secomea.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de salto de directorio en la funci\u00f3n file upload del GateManager que permite a un atacante autenticado con permisos administrativos leer y escribir archivos arbitrarios en el sistema de archivos de Linux. Este problema afecta a: GateManager todas las versiones anteriores a 9.2c"}], "lastModified": "2021-02-22T21:30:16.973", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:secomea:gatemanager_8250_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "961FED65-FA19-40DA-8DEB-5950D67FE5AA", "versionEndExcluding": "9.2c"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:secomea:gatemanager_8250:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5089C475-2013-4DF6-AD1E-12F576ACAE8E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:secomea:gatemanager_4250_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1FB8107-437D-4900-BA64-2928E33A13C2", "versionEndExcluding": "9.0i"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:secomea:gatemanager_4250:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0DB6136A-5440-4980-940D-CD178DC219B8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:secomea:gatemanager_4260_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE7495A8-DCDD-4CE8-9D32-85BC9C5A4288", "versionEndExcluding": "9.0i"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:secomea:gatemanager_4260:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9B546E62-81BB-4ED8-87C9-41BD79484AD0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:secomea:gatemanager_9250_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B1EB5FA-451C-45E2-8D5F-7E88995D06BF", "versionEndExcluding": "9.0i"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:secomea:gatemanager_9250:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "68DE2092-2EA1-4D49-84EB-20BE2CD7B113"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "VulnerabilityReporting@secomea.com"}