ID

VAR-202002-1408


CVE

CVE-2020-9034


TITLE

Input validation vulnerability in multiple Symmetricom SyncServer products

Trust: 0.8

sources: JVNDB: JVNDB-2020-002223

DESCRIPTION

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users. Multiple Symmetricom SyncServer products contain an input validation vulnerability. Information may be tampered with. Microsemi Symmetricom SyncServer S100 is a network time server of Microsemi Corporation of America. There are security vulnerabilities in many Symmetricom products. The vulnerability stems from the program's failure to properly handle the verification of the call back. Attackers can use this vulnerability to create, modify, or delete users without authentication.

Trust: 2.16

sources: NVD: CVE-2020-9034 // JVNDB: JVNDB-2020-002223 // CNVD: CNVD-2020-29570

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-29570

AFFECTED PRODUCTS

vendor: microchip, model: syncserver s300, scope: eq, version: 2.65.0

Trust: 1.6

vendor: microchip, model: syncserver s100, scope: eq, version: 2.90.70.3

Trust: 1.6

vendor: microchip, model: syncserver s200, scope: eq, version: 1.30

Trust: 1.6

vendor: microchip, model: syncserver s250, scope: eq, version: 1.25

Trust: 1.6

vendor: microchip, model: syncserver s350, scope: eq, version: 2.80.1

Trust: 1.6

vendor: microchip, model: syncserver s100, scope: -, version: -

Trust: 0.8

vendor: microchip, model: syncserver s200, scope: -, version: -

Trust: 0.8

vendor: microchip, model: syncserver s250, scope: -, version: -

Trust: 0.8

vendor: microchip, model: syncserver s300, scope: -, version: -

Trust: 0.8

vendor: microchip, model: syncserver s350, scope: -, version: -

Trust: 0.8

vendor: microsemi, model: symmetricom syncserver s100, scope: eq, version: 2.90.70.3

Trust: 0.6

vendor: microsemi, model: syncserver s250, scope: eq, version: 2.80.1

Trust: 0.6

vendor: microsemi, model: syncserver s200, scope: eq, version: 1.30

Trust: 0.6

vendor: microsemi, model: syncserver s350, scope: eq, version: 2.80.1

Trust: 0.6

vendor: microsemi, model: syncserver s300, scope: eq, version: 2.65.0

Trust: 0.6

vendor: microchip, model: syncserver s250, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s200, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s300, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s100, scope: eq, version: -

Trust: 0.6

vendor: microchip, model: syncserver s350, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-29570 // JVNDB: JVNDB-2020-002223 // CNNVD: CNNVD-202002-875 // NVD: CVE-2020-9034

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9034
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002223
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-29570
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202002-875
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-9034
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002223
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-29570
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9034
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002223
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-29570 // JVNDB: JVNDB-2020-002223 // CNNVD: CNNVD-202002-875 // NVD: CVE-2020-9034

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2020-002223 // NVD: CVE-2020-9034

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-875

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202002-875

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002223

PATCH

title: Top Page, url: https://www.microchip.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-002223

EXTERNAL IDS

db: NVD, id: CVE-2020-9034

Trust: 3.0

db: JVNDB, id: JVNDB-2020-002223

Trust: 0.8

db: CNVD, id: CNVD-2020-29570

Trust: 0.6

db: CNNVD, id: CNNVD-202002-875

Trust: 0.6

sources: CNVD: CNVD-2020-29570 // JVNDB: JVNDB-2020-002223 // CNNVD: CNNVD-202002-875 // NVD: CVE-2020-9034

REFERENCES

url: https://sku11army.blogspot.com/2020/01/symmetricom-syncserver_27.html

Trust: 3.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9034

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2020-9034

Trust: 0.8

sources: CNVD: CNVD-2020-29570 // JVNDB: JVNDB-2020-002223 // CNNVD: CNNVD-202002-875 // NVD: CVE-2020-9034

SOURCES

db: CNVD, id: CNVD-2020-29570
db: JVNDB, id: JVNDB-2020-002223
db: CNNVD, id: CNNVD-202002-875
db: NVD, id: CVE-2020-9034

LAST UPDATE DATE

2024-11-23T23:01:31.291000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-29570, date: 2020-05-22T00:00:00
db: JVNDB, id: JVNDB-2020-002223, date: 2020-03-09T00:00:00
db: CNNVD, id: CNNVD-202002-875, date: 2020-02-27T00:00:00
db: NVD, id: CVE-2020-9034, date: 2024-11-21T05:39:52.393

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-29570, date: 2020-05-22T00:00:00
db: JVNDB, id: JVNDB-2020-002223, date: 2020-03-09T00:00:00
db: CNNVD, id: CNNVD-202002-875, date: 2020-02-17T00:00:00
db: NVD, id: CVE-2020-9034, date: 2020-02-17T03:15:10.783