Sign-up

ID

VAR-202009-0960


CVE

CVE-2020-24034


TITLE

Sagemcom F@ST 5280 routers privilege escalation vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-53783

DESCRIPTION

Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values inside of the serialized session cookie, an attacker may alter the user value inside of this cookie, and assume the role and permissions of the user specified. By assuming the role of the user internal, which is inaccessible to end users by default, the attacker gains the permissions of the internal account, which includes the ability to flash custom firmware to the router, allowing the attacker to achieve a complete compromise. Sagemcom F@ST 5280 routers is a router product. Attackers can use vulnerabilities to gain access to internal accounts

Trust: 1.44

sources: NVD: CVE-2020-24034 // CNVD: CNVD-2020-53783

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-53783

AFFECTED PRODUCTS

vendor:sagemcommodel:f\@st 5280 routerscope:eqversion:1.150.61

Trust: 1.0

vendor:sagemcommodel:f@st routersscope:eqversion:52801.150.61

Trust: 0.6

sources: CNVD: CNVD-2020-53783 // NVD: CVE-2020-24034

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-24034
value: HIGH

Trust: 1.0

CNVD: CNVD-2020-53783
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202009-056
value: HIGH

Trust: 0.6

NVD:
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

CNVD: CNVD-2020-53783
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2020-53783 // NVD: CVE-2020-24034 // CNNVD: CNNVD-202009-056

PROBLEMTYPE DATA

problemtype:CWE-502

Trust: 1.0

sources: NVD: CVE-2020-24034

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-056

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202009-056

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2020-24034

PATCH
title:Patch for Sagemcom F@ST 5280 routers privilege escalation vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/235483
Trust: 0.6
title:Sagemcom F@ST 5280 routers Repair measures for deserialization vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=127281
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-53783 // 
            
            
            
            CNNVD: CNNVD-202009-056

EXTERNAL IDS
db:PACKETSTORMid:159026
Trust: 2.2
db:NVDid:CVE-2020-24034
Trust: 2.2
db:CNVDid:CNVD-2020-53783
Trust: 0.6
db:CNNVDid:CNNVD-202009-056
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-53783 // 
            
            
            
            NVD: CVE-2020-24034 // 
            
            
            
            CNNVD: CNNVD-202009-056

REFERENCES
url:http://seclists.org/fulldisclosure/2020/sep/3
Trust: 3.2
url:http://packetstormsecurity.com/files/159026/sagemcom-f-st-5280-privilege-escalation.html
Trust: 2.8
url:https://support.sagemcom.com/fr/haut-debit
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-24034
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-24034
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-53783 // 
            
            
            
            NVD: CVE-2020-24034 // 
            
            
            
            CNNVD: CNNVD-202009-056

CREDITS
Ryan Delaney
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202009-056

SOURCES
db:CNVDid:CNVD-2020-53783
db:NVDid:CVE-2020-24034
db:CNNVDid:CNNVD-202009-056

LAST UPDATE DATE
2023-12-18T14:00:22.989000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-53783date:2020-09-24T00:00:00
db:NVDid:CVE-2020-24034date:2020-09-11T14:36:29.563
db:CNNVDid:CNNVD-202009-056date:2022-03-08T00:00:00

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-53783date:2020-09-24T00:00:00
db:NVDid:CVE-2020-24034date:2020-09-01T18:15:13.587
db:CNNVDid:CNNVD-202009-056date:2020-09-01T00:00:00