ID

VAR-202002-1404


CVE

CVE-2020-9030


TITLE

Path traversal vulnerabilities in multiple Symmetricom SyncServer devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-002036

DESCRIPTION

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to syslog.php. A path traversal vulnerability exists in multiple Symmetricom SyncServer devices. Information may be obtained and tampered with. Microsemi Symmetricom SyncServer S100 is a network time server of Microsemi Corporation of America. The vulnerability stems from network systems or products failing to properly filter special elements in resources or file paths. An attacker could use the vulnerability to access a location outside the restricted directory.

Trust: 2.16

sources: NVD: CVE-2020-9030 // JVNDB: JVNDB-2020-002036 // CNVD: CNVD-2020-29592

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-29592

AFFECTED PRODUCTS

vendor: microchip, model: syncserver s100, scope: eq, version: 2.90.70.3

Trust: 2.4

vendor: microchip, model: syncserver s200, scope: eq, version: 1.30

Trust: 2.4

vendor: microchip, model: syncserver s250, scope: eq, version: 1.25

Trust: 2.4

vendor: microchip, model: syncserver s300, scope: eq, version: 2.65.0

Trust: 2.4

vendor: microchip, model: syncserver s350, scope: eq, version: 2.80.1

Trust: 2.4

vendor: microsemi, model: symmetricom syncserver s100, scope: eq, version: 2.90.70.3

Trust: 0.6

vendor: microsemi, model: syncserver s250, scope: eq, version: 2.80.1

Trust: 0.6

vendor: microsemi, model: syncserver s200, scope: eq, version: 1.30

Trust: 0.6

vendor: microsemi, model: syncserver s350, scope: eq, version: 2.80.1

Trust: 0.6

vendor: microsemi, model: syncserver s300, scope: eq, version: 2.65.0

Trust: 0.6

vendor: microchip, model: syncserver s250, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s200, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s300, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s100, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s350, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-29592 // JVNDB: JVNDB-2020-002036 // CNNVD: CNNVD-202002-877 // NVD: CVE-2020-9030

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-9030
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002036
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-29592
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202002-877
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2020-9030
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002036
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-29592
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2020-9030
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002036
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-29592 // JVNDB: JVNDB-2020-002036 // CNNVD: CNNVD-202002-877 // NVD: CVE-2020-9030

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2020-002036 // NVD: CVE-2020-9030

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-877

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202002-877

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002036

PATCH

title: Top Page, url: https://www.microchip.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-002036

EXTERNAL IDS

db: NVD, id: CVE-2020-9030

Trust: 3.0

db: JVNDB, id: JVNDB-2020-002036

Trust: 0.8

db: CNVD, id: CNVD-2020-29592

Trust: 0.6

db: CNNVD, id: CNNVD-202002-877

Trust: 0.6

sources: CNVD: CNVD-2020-29592 // JVNDB: JVNDB-2020-002036 // CNNVD: CNNVD-202002-877 // NVD: CVE-2020-9030

REFERENCES

url:https://sku11army.blogspot.com/2020/01/symmetricom-syncserver.html

Trust: 3.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9030

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9030

Trust: 0.8

sources: CNVD: CNVD-2020-29592 // JVNDB: JVNDB-2020-002036 // CNNVD: CNNVD-202002-877 // NVD: CVE-2020-9030

SOURCES

db: CNVD, id: CNVD-2020-29592
db: JVNDB, id: JVNDB-2020-002036
db: CNNVD, id: CNNVD-202002-877
db: NVD, id: CVE-2020-9030

LAST UPDATE DATE

2024-11-23T22:29:46.120000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-29592, date: 2020-05-23T00:00:00
db: JVNDB, id: JVNDB-2020-002036, date: 2020-03-03T00:00:00
db: CNNVD, id: CNNVD-202002-877, date: 2020-02-24T00:00:00
db: NVD, id: CVE-2020-9030, date: 2024-11-21T05:39:51.897

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-29592, date: 2020-05-23T00:00:00
db: JVNDB, id: JVNDB-2020-002036, date: 2020-03-03T00:00:00
db: CNNVD, id: CNNVD-202002-877, date: 2020-02-17T00:00:00
db: NVD, id: CVE-2020-9030, date: 2020-02-17T04:15:11.500