PT-2020-13845 · Ozeki · Ozeki Ng Sms Gateway
Drunkenshells · Published 2020-09-18 · Updated 2020-09-26 · CVE-2020-14021
CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Ozeki NG SMS Gateway versions through 4.17.6
Description
An issue in the ASP.net SMS module allows it to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the operating system, usually with NT AUTHORITY\SYSTEM privileges.
Recommendations
For Ozeki NG SMS Gateway versions through 4.17.6, consider restricting access to the ASP.net SMS module until a patch is available. As a temporary workaround, limit the module's ability to read files outside its intended directory to minimize the risk of exploitation.
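The containment check that the workaround above describes, as an added example (not Ozeki's code and not part of the original advisory). `BASE_DIR`, `ALLOWED_EXT` and `resolve_inside` are hypothetical names, and the directory is a placeholder because the advisory does not name the real one.

```python
import ntpath  # Windows path rules, usable on any host OS

# Hypothetical values: the advisory does not give the module's real directory.
BASE_DIR = r"C:\sms-gateway\asp-scripts"
ALLOWED_EXT = {".asp", ".aspx"}


def resolve_inside(base_dir, requested):
    """Return the normalized path if `requested` stays under `base_dir`
    and names an allowed script type; otherwise return None.

    The returned path is lower-cased by normcase, which is harmless on
    case-insensitive Windows filesystems.
    """
    if not requested or "\x00" in requested:
        return None
    # A script name should be relative: refuse drive letters, UNC
    # prefixes and rooted paths instead of trying to sanitize them.
    drive, rest = ntpath.splitdrive(requested)
    if drive or rest.startswith(("\\", "/")):
        return None
    # Any remaining colon is an NTFS alternate data stream (name::$DATA).
    if ":" in rest:
        return None
    base = ntpath.normcase(ntpath.normpath(base_dir))
    # normpath collapses "..", "." and mixed "/" and "\" separators.
    candidate = ntpath.normcase(ntpath.normpath(ntpath.join(base, rest)))
    # Compare whole path components, so a sibling directory that merely
    # shares the base directory's name as a prefix does not pass.
    try:
        if ntpath.commonpath([base, candidate]) != base:
            return None
    except ValueError:  # different drives or mixed absolute/relative
        return None
    # Exact extension match also rejects trailing-dot and trailing-space
    # variants that Windows would silently strip when opening the file.
    if ntpath.splitext(candidate)[1] not in ALLOWED_EXT:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for name in ["send.asp", r"sub\..\Reply.ASP", r"..\..\Windows\win.ini",
                 r"C:\Windows\win.ini", "send.asp::$DATA"]:
        print(f"{name!r:32} -> {resolve_inside(BASE_DIR, name)}")
```

The check is lexical only: on the server, junctions and symlinks must also be resolved before the comparison, and the file opened must be the returned path rather than the caller's original string.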
Affected Products
Ozeki Ng Sms Gateway