CVE-2020-35488

{"id": "CVE-2020-35488", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-01-05T15:15:13.797", "references": [{"url": "https://github.com/GuillaumePetit84/CVE-2020-35488", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gitlab.com/nxlog-public/nxlog-ce/-/blob/master/ChangeLog.txt#L2", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslog field. (For example, on Linux it is not possible to create a .. directory. On Windows, it is not possible to create a CON directory.)"}, {"lang": "es", "value": "El m\u00f3dulo fileop del servicio NXLog en NXLog Community Edition versi\u00f3n 2.10.2150, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del demonio) por medio de una carga \u00fatil de Syslog dise\u00f1ada para el servicio Syslog. Este ataque requiere una configuraci\u00f3n espec\u00edfica. Adem\u00e1s, el nombre del directorio creado debe usar un campo Syslog. (Por ejemplo, en Linux no es posible crear un directorio ... En Windows, no es posible crear un directorio CON)"}], "lastModified": "2022-04-29T12:45:33.157", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nxlog:nxlog:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "A32AB3C7-8386-4D09-A8B4-2017678E55AB", "versionEndExcluding": "3.0.2272"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}