CVE-2020-29026

A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c.

Published: Feb 15, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-29026
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:P/I:P/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
secomea / gatemanager_8250_firmware	-	9.2c
secomea / gatemanager_4250_firmware	-	9.0i
secomea / gatemanager_4260_firmware	-	9.0i
secomea / gatemanager_9250_firmware	-	9.0i

https://www.secomea.com/support/cybersecurity-advisory/#2918

Vulnerability Database

290,278

CVE-2020-29026