ID

VAR-202002-1346


CVE

CVE-2020-9029


TITLE

Path traversal vulnerabilities in multiple Symmetricom SyncServer devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-002042

DESCRIPTION

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php. A path traversal vulnerability exists in multiple Symmetricom SyncServer devices. Information may be obtained and tampered with. Microsemi Symmetricom SyncServer S100 is a network time server from Microsemi Corporation, a US company. The vulnerability stems from network systems or products failing to properly filter special elements in resource or file paths. An attacker could use the vulnerability to access a location outside the restricted directory.

Trust: 2.16

sources: NVD: CVE-2020-9029 // JVNDB: JVNDB-2020-002042 // CNVD: CNVD-2020-29566

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-29566

AFFECTED PRODUCTS

vendor: microchip // model: syncserver s100 // scope: eq // version: 2.90.70.3

Trust: 2.4

vendor: microchip // model: syncserver s200 // scope: eq // version: 1.30

Trust: 2.4

vendor: microchip // model: syncserver s250 // scope: eq // version: 1.25

Trust: 2.4

vendor: microchip // model: syncserver s300 // scope: eq // version: 2.65.0

Trust: 2.4

vendor: microchip // model: syncserver s350 // scope: eq // version: 2.80.1

Trust: 2.4

vendor: microsemi // model: symmetricom syncserver s100 // scope: eq // version: 2.90.70.3

Trust: 0.6

vendor: microsemi // model: syncserver s250 // scope: eq // version: 2.80.1

Trust: 0.6

vendor: microsemi // model: syncserver s200 // scope: eq // version: 1.30

Trust: 0.6

vendor: microsemi // model: syncserver s350 // scope: eq // version: 2.80.1

Trust: 0.6

vendor: microsemi // model: syncserver s300 // scope: eq // version: 2.65.0

Trust: 0.6

vendor: microchip // model: syncserver s250 // scope: eq // version: -

Trust: 0.6

vendor: microchip // model: syncserver s200 // scope: eq // version: -

Trust: 0.6

vendor: microchip // model: syncserver s300 // scope: eq // version: -

Trust: 0.6

vendor: microchip // model: syncserver s100 // scope: eq // version: -

Trust: 0.6

vendor: microchip // model: syncserver s350 // scope: eq // version: -

Trust: 0.6

sources: CNVD: CNVD-2020-29566 // JVNDB: JVNDB-2020-002042 // CNNVD: CNNVD-202002-882 // NVD: CVE-2020-9029

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-9029
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002042
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-29566
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202002-882
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2020-9029
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002042
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-29566
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2020-9029
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002042
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-29566 // JVNDB: JVNDB-2020-002042 // CNNVD: CNNVD-202002-882 // NVD: CVE-2020-9029

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2020-002042 // NVD: CVE-2020-9029

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-882

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202002-882

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002042

PATCH

title: Top Page // url: https://www.microchip.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-002042

EXTERNAL IDS

db: NVD // id: CVE-2020-9029

Trust: 3.0

db: JVNDB // id: JVNDB-2020-002042

Trust: 0.8

db: CNVD // id: CNVD-2020-29566

Trust: 0.6

db: CNNVD // id: CNNVD-202002-882

Trust: 0.6

sources: CNVD: CNVD-2020-29566 // JVNDB: JVNDB-2020-002042 // CNNVD: CNNVD-202002-882 // NVD: CVE-2020-9029

REFERENCES

url:https://sku11army.blogspot.com/2020/01/symmetricom-syncserver.html

Trust: 3.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9029

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9029

Trust: 0.8

sources: CNVD: CNVD-2020-29566 // JVNDB: JVNDB-2020-002042 // CNNVD: CNNVD-202002-882 // NVD: CVE-2020-9029

SOURCES

db: CNVD // id: CNVD-2020-29566
db: JVNDB // id: JVNDB-2020-002042
db: CNNVD // id: CNNVD-202002-882
db: NVD // id: CVE-2020-9029

LAST UPDATE DATE

2024-11-23T22:25:36.203000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2020-29566 // date: 2020-05-22T00:00:00
db: JVNDB // id: JVNDB-2020-002042 // date: 2020-03-03T00:00:00
db: CNNVD // id: CNNVD-202002-882 // date: 2020-02-20T00:00:00
db: NVD // id: CVE-2020-9029 // date: 2024-11-21T05:39:51.770

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2020-29566 // date: 2020-05-22T00:00:00
db: JVNDB // id: JVNDB-2020-002042 // date: 2020-03-03T00:00:00
db: CNNVD // id: CNNVD-202002-882 // date: 2020-02-17T00:00:00
db: NVD // id: CVE-2020-9029 // date: 2020-02-17T04:15:11.420