8.1
CVE-2020-29031
- EPSS 0.22%
- Published 15.02.2021 16:15:14
- Last modified 21.11.2024 05:23:33
- Source VulnerabilityReporting@secomea
An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c.
Data provided by the National Vulnerability Database (NVD)
Secomea ≫ Gatemanager 8250 Firmware Version < 9.2c
Secomea ≫ Gatemanager 4250 Firmware Version < 9.0i
Secomea ≫ Gatemanager 4260 Firmware Version < 9.0i
Secomea ≫ Gatemanager 9250 Firmware Version < 9.0i
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.441 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| nvd@nist.gov | 5.5 | 8 | 4.9 | AV:N/AC:L/Au:S/C:P/I:P/A:N |
| VulnerabilityReporting@secomea.com | 7.1 | 2.8 | 4.2 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-280 Improper Handling of Insufficient Permissions or Privileges
The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.