Details of VAR-202009-0293

ID

VAR-202009-0293

CVE

CVE-2020-14031

TITLE

Ozeki NG SMS Gateway Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-011462

DESCRIPTION

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the system and/or files that have special security attributes (e.g., Windows Defender files). Ozeki NG SMS Gateway Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The program can convert your incoming emails to SMS and send them to your mobile phone. The main functions are: (1), send and receive messages in two ways (from phone to system, from system to phone); (2), support various applications of desktop email and Webmail; (3), powerful The server supports the program and stores your SMS to send and receive these; (4), supports multiple devices, etc

Trust: 1.71

sources: NVD: CVE-2020-14031 // JVNDB: JVNDB-2020-011462 // VULHUB: VHN-166869

AFFECTED PRODUCTS

vendor:	ozeki	model:	ng sms gateway	scope:	lte	version:	4.17.6	Trust: 1.0
vendor:	ozeki	model:	ng-sms gateway	scope:	eq	version:	-	Trust: 0.8
vendor:	ozeki	model:	ng-sms gateway	scope:	lte	version:	4.17.6 until	Trust: 0.8

sources: JVNDB: JVNDB-2020-011462 // NVD: CVE-2020-14031

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-14031
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-14031
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202009-1335
value:	HIGH
Trust: 0.6
VULHUB:	VHN-166869
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-14031
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-166869
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-14031
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-14031
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-166869 // JVNDB: JVNDB-2020-011462 // CNNVD: CNNVD-202009-1335 // NVD: CVE-2020-14031

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-011462 // NVD: CVE-2020-14031

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-1335

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202009-1335

PATCH

title:	Download Ozeki Software Products	url:	http://www.ozeki.hu/index.php?owpn=231	Trust: 0.8
title:	Ozeki NG SMS Gateway Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129303	Trust: 0.6

sources: JVNDB: JVNDB-2020-011462 // CNNVD: CNNVD-202009-1335

EXTERNAL IDS

db:	NVD	id:	CVE-2020-14031	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-011462	Trust: 0.8
db:	CNNVD	id:	CNNVD-202009-1335	Trust: 0.7
db:	CNVD	id:	CNVD-2020-53533	Trust: 0.1
db:	VULHUB	id:	VHN-166869	Trust: 0.1

sources: VULHUB: VHN-166869 // JVNDB: JVNDB-2020-011462 // CNNVD: CNNVD-202009-1335 // NVD: CVE-2020-14031

REFERENCES

url:	https://github.com/drunkenshells/disclosures/tree/master/cve-2020-14031-arbitary%20file%20delete-ozeki%20sms%20gateway	Trust: 2.5
url:	http://www.ozeki.hu/index.php?owpn=231	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14031	Trust: 1.4

sources: VULHUB: VHN-166869 // JVNDB: JVNDB-2020-011462 // CNNVD: CNNVD-202009-1335 // NVD: CVE-2020-14031

SOURCES

db:	VULHUB	id:	VHN-166869
db:	JVNDB	id:	JVNDB-2020-011462
db:	CNNVD	id:	CNNVD-202009-1335
db:	NVD	id:	CVE-2020-14031

LAST UPDATE DATE

2024-11-23T21:35:20.592000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-166869	date:	2020-09-26T00:00:00
db:	JVNDB	id:	JVNDB-2020-011462	date:	2021-04-02T07:53:00
db:	CNNVD	id:	CNNVD-202009-1335	date:	2020-09-27T00:00:00
db:	NVD	id:	CVE-2020-14031	date:	2024-11-21T05:02:23.530

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-166869	date:	2020-09-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-011462	date:	2021-04-02T00:00:00
db:	CNNVD	id:	CNNVD-202009-1335	date:	2020-09-22T00:00:00
db:	NVD	id:	CVE-2020-14031	date:	2020-09-22T18:15:23.903