Details of VAR-202010-0448

ID

VAR-202010-0448

CVE

CVE-2020-24990

TITLE

QSC Q-SYS Core Manager Traversal Vulnerability in Japan

Trust: 0.8

sources: JVNDB: JVNDB-2020-013273

DESCRIPTION

An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version. QSC Q-SYS is a device used in signal processing from QSC Corporation of the United States. The device is used in audio information processing and information exchange, and can be used in conferences, teachers, lecture halls and other multi-person conference scenarios. Attackers can use this vulnerability to traverse TFTP related directories

Trust: 2.34

sources: NVD: CVE-2020-24990 // JVNDB: JVNDB-2020-013273 // CNVD: CNVD-2020-59737 // VULMON: CVE-2020-24990 // PACKETSTORM: 159699

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-59737

AFFECTED PRODUCTS

vendor:	qsc	model:	q-sys core manager	scope:	eq	version:	8.2.1	Trust: 2.4
vendor:	qsc	model:	q-sys core manager	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2020-59737 // JVNDB: JVNDB-2020-013273 // NVD: CVE-2020-24990

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-24990
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-24990
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-59737
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202010-1421
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-24990
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-59737
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-24990
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-24990
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-59737 // JVNDB: JVNDB-2020-013273 // CNNVD: CNNVD-202010-1421 // NVD: CVE-2020-24990

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.0
problemtype:	Path traversal (CWE-22) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-013273 // NVD: CVE-2020-24990

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1421

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202010-1421

PATCH

title:

Q-SYS Core Manager

url:

https://q-syshelp.qsc.com/Content/Core_Manager/CoreManager_Overview.htm

Trust: 0.8

sources: JVNDB: JVNDB-2020-013273

EXTERNAL IDS

db:	NVD	id:	CVE-2020-24990	Trust: 3.2
db:	PACKETSTORM	id:	159699	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-013273	Trust: 0.8
db:	CNVD	id:	CNVD-2020-59737	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-1421	Trust: 0.6
db:	VULMON	id:	CVE-2020-24990	Trust: 0.1

sources: CNVD: CNVD-2020-59737 // VULMON: CVE-2020-24990 // JVNDB: JVNDB-2020-013273 // PACKETSTORM: 159699 // CNNVD: CNNVD-202010-1421 // NVD: CVE-2020-24990

REFERENCES

url:	http://packetstormsecurity.com/files/159699/qsc-q-sys-core-manager-8.2.1-directory-traversal.html	Trust: 2.9
url:	http://seclists.org/fulldisclosure/2020/oct/30	Trust: 2.5
url:	https://q-syshelp.qsc.com/content/core_manager/coremanager_overview.htm	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24990	Trust: 1.5
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-59737 // VULMON: CVE-2020-24990 // JVNDB: JVNDB-2020-013273 // PACKETSTORM: 159699 // CNNVD: CNNVD-202010-1421 // NVD: CVE-2020-24990

CREDITS

Kevin Randall

Trust: 0.7

sources: PACKETSTORM: 159699 // CNNVD: CNNVD-202010-1421

SOURCES

db:	CNVD	id:	CNVD-2020-59737
db:	VULMON	id:	CVE-2020-24990
db:	JVNDB	id:	JVNDB-2020-013273
db:	PACKETSTORM	id:	159699
db:	CNNVD	id:	CNNVD-202010-1421
db:	NVD	id:	CVE-2020-24990

LAST UPDATE DATE

2024-11-23T22:05:25.693000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-59737	date:	2020-10-31T00:00:00
db:	VULMON	id:	CVE-2020-24990	date:	2020-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-013273	date:	2021-06-23T03:28:00
db:	CNNVD	id:	CNNVD-202010-1421	date:	2020-11-24T00:00:00
db:	NVD	id:	CVE-2020-24990	date:	2024-11-21T05:16:23.833

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-59737	date:	2020-10-31T00:00:00
db:	VULMON	id:	CVE-2020-24990	date:	2020-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2020-013273	date:	2021-06-23T00:00:00
db:	PACKETSTORM	id:	159699	date:	2020-10-26T16:29:26
db:	CNNVD	id:	CNNVD-202010-1421	date:	2020-10-26T00:00:00
db:	NVD	id:	CVE-2020-24990	date:	2020-10-28T19:15:13.620