ID

VAR-202009-0285


CVE

CVE-2020-14026


TITLE

Ozeki NG SMS Gateway: improper neutralization of formula elements in a CSV file

Trust: 0.8

sources: JVNDB: JVNDB-2020-011459

DESCRIPTION

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export. Ozeki NG SMS Gateway contains a vulnerability related to improper neutralization of formula elements in a CSV file. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Ozeki NG SMS Gateway is software that allows you to access mobile networks through your computer. The program can convert your incoming emails to SMS and send them to your mobile phone. Ozeki NG SMS Gateway is very reliable and operates 24 hours a day, 7 days a week. The main functions are: (1) sending and receiving messages in both directions (from phone to system, from system to phone); (2) support for various desktop email and webmail applications; (3) a powerful server that supports the program and stores the SMS you send and receive; (4) support for multiple devices, etc.

Trust: 1.8

sources: NVD: CVE-2020-14026 // JVNDB: JVNDB-2020-011459 // VULHUB: VHN-166863 // VULMON: CVE-2020-14026

AFFECTED PRODUCTS

vendor: ozeki, model: ng sms gateway, scope: lte, version: 4.17.6

Trust: 1.0

vendor: ozeki, model: ng-sms gateway, scope: eq, version: -

Trust: 0.8

vendor: ozeki, model: ng-sms gateway, scope: lte, version: 4.17.6 until

Trust: 0.8

sources: JVNDB: JVNDB-2020-011459 // NVD: CVE-2020-14026

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-14026
value: HIGH

Trust: 1.0

NVD: CVE-2020-14026
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202009-1331
value: HIGH

Trust: 0.6

VULHUB: VHN-166863
value: HIGH

Trust: 0.1

VULMON: CVE-2020-14026
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-14026
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-166863
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2020-14026
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-14026
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-166863 // VULMON: CVE-2020-14026 // JVNDB: JVNDB-2020-011459 // CNNVD: CNNVD-202009-1331 // NVD: CVE-2020-14026

PROBLEMTYPE DATA

problemtype:CWE-1236

Trust: 1.0

problemtype: Improper neutralization of formula elements in a CSV file (CWE-1236) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-011459 // NVD: CVE-2020-14026

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-1331

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202009-1331

PATCH

title: Download Ozeki Software Products, url: http://www.ozeki.hu/index.php?owpn=231

Trust: 0.8

title: Ozeki NG SMS Gateway Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129300

Trust: 0.6

sources: JVNDB: JVNDB-2020-011459 // CNNVD: CNNVD-202009-1331

EXTERNAL IDS

db: NVD, id: CVE-2020-14026

Trust: 2.6

db: JVNDB, id: JVNDB-2020-011459

Trust: 0.8

db: CNNVD, id: CNNVD-202009-1331

Trust: 0.7

db: CNVD, id: CNVD-2020-53531

Trust: 0.1

db: VULHUB, id: VHN-166863

Trust: 0.1

db: VULMON, id: CVE-2020-14026

Trust: 0.1

sources: VULHUB: VHN-166863 // VULMON: CVE-2020-14026 // JVNDB: JVNDB-2020-011459 // CNNVD: CNNVD-202009-1331 // NVD: CVE-2020-14026

REFERENCES

url:https://github.com/drunkenshells/disclosures/tree/master/cve-2020-14026-formula%20injection-ozeki%20sms%20gateway

Trust: 2.6

url:https://www.ozeki.hu/index.php?owpn=231

Trust: 1.8

url:https://www.ozeki.hu/index.php?ow_page_number=1017&downloadaction=email&download_product_id=1&os=windows&dpath=%2fattachments%2f702%2finstallwindows_1590575794_ozeking-sms-gateway_4.17.6.zip&dname=ozeki+ng+sms+gateway+v4.17.6&dsize=+%2817.8+mb%29&platform=windows

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-14026

Trust: 1.4

url:https://www.ozeki.hu/index.php?ow_page_number=1017&downloadaction=email&download_product_id=1&os=windows&dpath=%2fattachments%2f702%2finstallwindows_1590575794_ozeking-sms-gateway_4.17.6.zip&dname=ozeki+ng+sms+gateway+v4.17.6&dsize=+%2817.8+mb%29&platform=windows

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/1236.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-166863 // VULMON: CVE-2020-14026 // JVNDB: JVNDB-2020-011459 // CNNVD: CNNVD-202009-1331 // NVD: CVE-2020-14026

SOURCES

db: VULHUB, id: VHN-166863
db: VULMON, id: CVE-2020-14026
db: JVNDB, id: JVNDB-2020-011459
db: CNNVD, id: CNNVD-202009-1331
db: NVD, id: CVE-2020-14026

LAST UPDATE DATE

2024-11-23T22:25:22.551000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-166863, date: 2020-09-26T00:00:00
db: VULMON, id: CVE-2020-14026, date: 2020-09-26T00:00:00
db: JVNDB, id: JVNDB-2020-011459, date: 2021-04-02T07:53:00
db: CNNVD, id: CNNVD-202009-1331, date: 2020-09-27T00:00:00
db: NVD, id: CVE-2020-14026, date: 2024-11-21T05:02:22.790

SOURCES RELEASE DATE

db: VULHUB, id: VHN-166863, date: 2020-09-22T00:00:00
db: VULMON, id: CVE-2020-14026, date: 2020-09-22T00:00:00
db: JVNDB, id: JVNDB-2020-011459, date: 2021-04-02T00:00:00
db: CNNVD, id: CNNVD-202009-1331, date: 2020-09-22T00:00:00
db: NVD, id: CVE-2020-14026, date: 2020-09-22T18:15:23.683