ID

VAR-202006-0115


CVE

CVE-2020-13227


TITLE

Codeorigin Sysax Multi Server Path Traversal Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-36619 // CNNVD: CNNVD-202006-256

DESCRIPTION

An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username (under which the web server is running) by triggering an invalid path permission error. This bypasses the fakepath protection mechanism. Codeorigin Sysax Multi Server is an FTP (File Transfer Protocol) server and Shell server for Windows systems, developed by the American company Codeorigin. The vulnerability stems from the product failing to properly filter special elements in resource or file paths. An attacker could use the vulnerability to access a location outside the restricted directory.

Trust: 2.16

sources: NVD: CVE-2020-13227 // JVNDB: JVNDB-2020-005930 // CNVD: CNVD-2020-36619

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-36619

AFFECTED PRODUCTS

vendor: codeorigin, model: sysax multi server, scope: eq, version: 6.90

Trust: 1.4

vendor: sysax, model: multi server, scope: eq, version: 6.90

Trust: 1.0

sources: CNVD: CNVD-2020-36619 // JVNDB: JVNDB-2020-005930 // NVD: CVE-2020-13227

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-13227
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-005930
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-36619
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202006-256
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-13227
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-005930
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-36619
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-13227
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005930
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-36619 // JVNDB: JVNDB-2020-005930 // CNNVD: CNNVD-202006-256 // NVD: CVE-2020-13227

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2020-005930 // NVD: CVE-2020-13227

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-256

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202006-256

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005930

PATCH

title: Top Page, url: https://www.sysax.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-005930

EXTERNAL IDS

db: NVD, id: CVE-2020-13227

Trust: 3.0

db: JVNDB, id: JVNDB-2020-005930

Trust: 0.8

db: CNVD, id: CNVD-2020-36619

Trust: 0.6

db: CNNVD, id: CNNVD-202006-256

Trust: 0.6

sources: CNVD: CNVD-2020-36619 // JVNDB: JVNDB-2020-005930 // CNNVD: CNNVD-202006-256 // NVD: CVE-2020-13227

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2020-13227

Trust: 2.0

url: https://github.com/wrongsid3

Trust: 1.6

url: https://github.com/wrongsid3/sysax-multiserver-6.90-multiple-vulnerabilities/blob/master/readme.md

Trust: 1.6

url: https://pasteboard.co/j9ef12g.png

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13227

Trust: 0.8

url: https://github.com/wrongsid3/sysax-multiserver-6.90-multiple-vulnerabilities

Trust: 0.8

sources: CNVD: CNVD-2020-36619 // JVNDB: JVNDB-2020-005930 // CNNVD: CNNVD-202006-256 // NVD: CVE-2020-13227

SOURCES

db: CNVD, id: CNVD-2020-36619
db: JVNDB, id: JVNDB-2020-005930
db: CNNVD, id: CNNVD-202006-256
db: NVD, id: CVE-2020-13227

LAST UPDATE DATE

2024-11-23T22:51:21.215000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-36619, date: 2020-07-07T00:00:00
db: JVNDB, id: JVNDB-2020-005930, date: 2020-06-25T00:00:00
db: CNNVD, id: CNNVD-202006-256, date: 2020-06-03T00:00:00
db: NVD, id: CVE-2020-13227, date: 2024-11-21T05:00:50.540

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-36619, date: 2020-07-07T00:00:00
db: JVNDB, id: JVNDB-2020-005930, date: 2020-06-25T00:00:00
db: CNNVD, id: CNNVD-202006-256, date: 2020-06-02T00:00:00
db: NVD, id: CVE-2020-13227, date: 2020-06-02T14:15:10.567