ID

VAR-202002-1405


CVE

CVE-2020-9031


TITLE

Path traversal vulnerabilities in multiple Symmetricom SyncServer devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-002037

DESCRIPTION

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php. A path traversal vulnerability exists in multiple Symmetricom SyncServer devices. Information may be obtained and tampered with. Microsemi Symmetricom SyncServer S100 is a network time server from Microsemi Corporation of the United States. The vulnerability stems from network systems or products failing to properly filter special elements in resource or file paths. An attacker could use the vulnerability to access a location outside the restricted directory.

Trust: 2.16

sources: NVD: CVE-2020-9031 // JVNDB: JVNDB-2020-002037 // CNVD: CNVD-2020-29590

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-29590

AFFECTED PRODUCTS

vendor: microchip, model: syncserver s100, scope: eq, version: 2.90.70.3

Trust: 2.4

vendor: microchip, model: syncserver s200, scope: eq, version: 1.30

Trust: 2.4

vendor: microchip, model: syncserver s250, scope: eq, version: 1.25

Trust: 2.4

vendor: microchip, model: syncserver s300, scope: eq, version: 2.65.0

Trust: 2.4

vendor: microchip, model: syncserver s350, scope: eq, version: 2.80.1

Trust: 2.4

vendor: microsemi, model: symmetricom syncserver s100, scope: eq, version: 2.90.70.3

Trust: 0.6

vendor: microsemi, model: syncserver s250, scope: eq, version: 2.80.1

Trust: 0.6

vendor: microsemi, model: syncserver s200, scope: eq, version: 1.30

Trust: 0.6

vendor: microsemi, model: syncserver s350, scope: eq, version: 2.80.1

Trust: 0.6

vendor: microsemi, model: syncserver s300, scope: eq, version: 2.65.0

Trust: 0.6

vendor: microchip, model: syncserver s250, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s200, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s300, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s100, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s350, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-29590 // JVNDB: JVNDB-2020-002037 // CNNVD: CNNVD-202002-879 // NVD: CVE-2020-9031

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9031
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002037
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-29590
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202002-879
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-9031
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002037
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-29590
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9031
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002037
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-29590 // JVNDB: JVNDB-2020-002037 // CNNVD: CNNVD-202002-879 // NVD: CVE-2020-9031

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2020-002037 // NVD: CVE-2020-9031

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-879

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202002-879

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002037

PATCH

title: Top Page, url: https://www.microchip.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-002037

EXTERNAL IDS

db: NVD, id: CVE-2020-9031

Trust: 3.0

db: JVNDB, id: JVNDB-2020-002037

Trust: 0.8

db: CNVD, id: CNVD-2020-29590

Trust: 0.6

db: CNNVD, id: CNNVD-202002-879

Trust: 0.6

Trust: 0.6

sources: CNVD: CNVD-2020-29590 // JVNDB: JVNDB-2020-002037 // CNNVD: CNNVD-202002-879 // NVD: CVE-2020-9031

REFERENCES

url:https://sku11army.blogspot.com/2020/01/symmetricom-syncserver.html

Trust: 3.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9031

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9031

Trust: 0.8

sources: CNVD: CNVD-2020-29590 // JVNDB: JVNDB-2020-002037 // CNNVD: CNNVD-202002-879 // NVD: CVE-2020-9031

SOURCES

db: CNVD, id: CNVD-2020-29590
db: JVNDB, id: JVNDB-2020-002037
db: CNNVD, id: CNNVD-202002-879
db: NVD, id: CVE-2020-9031

LAST UPDATE DATE

2024-11-23T22:55:17.134000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-29590, date: 2020-05-23T00:00:00
db: JVNDB, id: JVNDB-2020-002037, date: 2020-03-03T00:00:00
db: CNNVD, id: CNNVD-202002-879, date: 2020-02-20T00:00:00
db: NVD, id: CVE-2020-9031, date: 2024-11-21T05:39:52.020

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-29590, date: 2020-05-23T00:00:00
db: JVNDB, id: JVNDB-2020-002037, date: 2020-03-03T00:00:00
db: CNNVD, id: CNNVD-202002-879, date: 2020-02-17T00:00:00
db: NVD, id: CVE-2020-9031, date: 2020-02-17T04:15:11.577