ID

VAR-202002-1407


CVE

CVE-2020-9033


TITLE

Path traversal vulnerabilities in multiple Symmetricom SyncServer devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-002033

DESCRIPTION

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php. A path traversal vulnerability exists in multiple Symmetricom SyncServer devices. Information may be obtained and tampered with. Microsemi Symmetricom SyncServer S100 is a network time server of Microsemi Corporation of America. The vulnerability stems from network systems or products failing to properly filter special elements in resources or file paths. An attacker could use the vulnerability to access a location outside the restricted directory.

Trust: 2.25

sources: NVD: CVE-2020-9033 // JVNDB: JVNDB-2020-002033 // CNVD: CNVD-2020-29569 // VULMON: CVE-2020-9033

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-29569

AFFECTED PRODUCTS

vendor: microchip, model: syncserver s100, scope: eq, version: 2.90.70.3

Trust: 2.4

vendor: microchip, model: syncserver s200, scope: eq, version: 1.30

Trust: 2.4

vendor: microchip, model: syncserver s250, scope: eq, version: 1.25

Trust: 2.4

vendor: microchip, model: syncserver s300, scope: eq, version: 2.65.0

Trust: 2.4

vendor: microchip, model: syncserver s350, scope: eq, version: 2.80.1

Trust: 2.4

vendor: microsemi, model: symmetricom syncserver s100, scope: eq, version: 2.90.70.3

Trust: 0.6

vendor: microsemi, model: syncserver s250, scope: eq, version: 2.80.1

Trust: 0.6

vendor: microsemi, model: syncserver s200, scope: eq, version: 1.30

Trust: 0.6

vendor: microsemi, model: syncserver s350, scope: eq, version: 2.80.1

Trust: 0.6

vendor: microsemi, model: syncserver s300, scope: eq, version: 2.65.0

Trust: 0.6

vendor: microchip, model: syncserver s250, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s200, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s300, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s100, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s350, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-29569 // JVNDB: JVNDB-2020-002033 // CNNVD: CNNVD-202002-876 // NVD: CVE-2020-9033

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9033
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002033
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-29569
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202002-876
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-9033
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9033
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-002033
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-29569
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9033
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002033
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-29569 // VULMON: CVE-2020-9033 // JVNDB: JVNDB-2020-002033 // CNNVD: CNNVD-202002-876 // NVD: CVE-2020-9033

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2020-002033 // NVD: CVE-2020-9033

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-876

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202002-876

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002033

PATCH

title: Top Page, url: https://www.microchip.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-002033

EXTERNAL IDS

db: NVD, id: CVE-2020-9033

Trust: 3.1

db: JVNDB, id: JVNDB-2020-002033

Trust: 0.8

db: CNVD, id: CNVD-2020-29569

Trust: 0.6

db: CNNVD, id: CNNVD-202002-876

Trust: 0.6

db: VULMON, id: CVE-2020-9033

Trust: 0.1

sources: CNVD: CNVD-2020-29569 // VULMON: CVE-2020-9033 // JVNDB: JVNDB-2020-002033 // CNNVD: CNNVD-202002-876 // NVD: CVE-2020-9033

REFERENCES

url:https://sku11army.blogspot.com/2020/01/symmetricom-syncserver.html

Trust: 3.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9033

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9033

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-29569 // VULMON: CVE-2020-9033 // JVNDB: JVNDB-2020-002033 // CNNVD: CNNVD-202002-876 // NVD: CVE-2020-9033

SOURCES

db: CNVD, id: CNVD-2020-29569
db: VULMON, id: CVE-2020-9033
db: JVNDB, id: JVNDB-2020-002033
db: CNNVD, id: CNNVD-202002-876
db: NVD, id: CVE-2020-9033

LAST UPDATE DATE

2024-11-23T23:08:05.350000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-29569, date: 2020-05-23T00:00:00
db: VULMON, id: CVE-2020-9033, date: 2020-02-19T00:00:00
db: JVNDB, id: JVNDB-2020-002033, date: 2020-03-03T00:00:00
db: CNNVD, id: CNNVD-202002-876, date: 2020-02-24T00:00:00
db: NVD, id: CVE-2020-9033, date: 2024-11-21T05:39:52.267

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-29569, date: 2020-05-22T00:00:00
db: VULMON, id: CVE-2020-9033, date: 2020-02-17T00:00:00
db: JVNDB, id: JVNDB-2020-002033, date: 2020-03-03T00:00:00
db: CNNVD, id: CNNVD-202002-876, date: 2020-02-17T00:00:00
db: NVD, id: CVE-2020-9033, date: 2020-02-17T04:15:11.717