ID

VAR-202002-1406


CVE

CVE-2020-9032


TITLE

Path traversal vulnerabilities in multiple Symmetricom SyncServer devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-002038

DESCRIPTION

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php. Multiple Symmetricom SyncServer devices contain a path traversal vulnerability. Information may be obtained and tampered with. Microsemi Symmetricom SyncServer S100 is a network time server from Microsemi Corporation (USA). The vulnerability stems from network systems or products failing to properly filter special elements in resource or file paths. An attacker could use the vulnerability to access a location outside the restricted directory.

Trust: 2.16

sources: NVD: CVE-2020-9032 // JVNDB: JVNDB-2020-002038 // CNVD: CNVD-2020-29591

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-29591

AFFECTED PRODUCTS

vendor: microchip, model: syncserver s100, scope: eq, version: 2.90.70.3

Trust: 2.4

vendor: microchip, model: syncserver s200, scope: eq, version: 1.30

Trust: 2.4

vendor: microchip, model: syncserver s250, scope: eq, version: 1.25

Trust: 2.4

vendor: microchip, model: syncserver s300, scope: eq, version: 2.65.0

Trust: 2.4

vendor: microchip, model: syncserver s350, scope: eq, version: 2.80.1

Trust: 2.4

vendor: microsemi, model: symmetricom syncserver s100, scope: eq, version: 2.90.70.3

Trust: 0.6

vendor: microsemi, model: syncserver s250, scope: eq, version: 2.80.1

Trust: 0.6

vendor: microsemi, model: syncserver s200, scope: eq, version: 1.30

Trust: 0.6

vendor: microsemi, model: syncserver s350, scope: eq, version: 2.80.1

Trust: 0.6

vendor: microsemi, model: syncserver s300, scope: eq, version: 2.65.0

Trust: 0.6

vendor: microchip, model: syncserver s250, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s200, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s300, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s100, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s350, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-29591 // JVNDB: JVNDB-2020-002038 // CNNVD: CNNVD-202002-878 // NVD: CVE-2020-9032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9032
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002038
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-29591
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202002-878
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-9032
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002038
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-29591
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9032
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002038
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-29591 // JVNDB: JVNDB-2020-002038 // CNNVD: CNNVD-202002-878 // NVD: CVE-2020-9032

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2020-002038 // NVD: CVE-2020-9032

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-878

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202002-878

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002038

PATCH

title: Top Page, url: https://www.microchip.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-002038

EXTERNAL IDS

db: NVD, id: CVE-2020-9032

Trust: 3.0

db: JVNDB, id: JVNDB-2020-002038

Trust: 0.8

db: CNVD, id: CNVD-2020-29591

Trust: 0.6

db: CNNVD, id: CNNVD-202002-878

Trust: 0.6

sources: CNVD: CNVD-2020-29591 // JVNDB: JVNDB-2020-002038 // CNNVD: CNNVD-202002-878 // NVD: CVE-2020-9032

REFERENCES

url:https://sku11army.blogspot.com/2020/01/symmetricom-syncserver.html

Trust: 3.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9032

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9032

Trust: 0.8

sources: CNVD: CNVD-2020-29591 // JVNDB: JVNDB-2020-002038 // CNNVD: CNNVD-202002-878 // NVD: CVE-2020-9032

SOURCES

db: CNVD, id: CNVD-2020-29591
db: JVNDB, id: JVNDB-2020-002038
db: CNNVD, id: CNNVD-202002-878
db: NVD, id: CVE-2020-9032

LAST UPDATE DATE

2024-11-23T22:05:47.364000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-29591, date: 2020-05-23T00:00:00
db: JVNDB, id: JVNDB-2020-002038, date: 2020-03-03T00:00:00
db: CNNVD, id: CNNVD-202002-878, date: 2020-02-20T00:00:00
db: NVD, id: CVE-2020-9032, date: 2024-11-21T05:39:52.147

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-29591, date: 2020-05-23T00:00:00
db: JVNDB, id: JVNDB-2020-002038, date: 2020-03-03T00:00:00
db: CNNVD, id: CNNVD-202002-878, date: 2020-02-17T00:00:00
db: NVD, id: CVE-2020-9032, date: 2020-02-17T04:15:11.640