PT-2020-20444 · Symmetricom · Syncserver S300+4

Published

2020-02-17

Updated

2020-02-19

CVE-2020-9029

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Symmetricom SyncServer S100 version 2.90.70.3 Symmetricom SyncServer S200 version 1.30 Symmetricom SyncServer S250 version 1.25 Symmetricom SyncServer S300 version 2.65.0 Symmetricom SyncServer S350 version 2.80.1

Description The issue allows Directory Traversal via the FileName parameter to "messagelog.php". This enables potential access to sensitive files and directories.

Recommendations For Symmetricom SyncServer S100 version 2.90.70.3, restrict access to the messagelog.php endpoint to minimize the risk of exploitation. For Symmetricom SyncServer S200 version 1.30, avoid using the FileName parameter in the affected API endpoint until the issue is resolved. For Symmetricom SyncServer S250 version 1.25, consider disabling access to sensitive directories to prevent traversal. For Symmetricom SyncServer S300 version 2.65.0, limit the messagelog.php endpoint's functionality to prevent directory traversal. For Symmetricom SyncServer S350 version 2.80.1, restrict the FileName parameter's input to prevent malicious file access.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2020-9029

Affected Products

Syncserver S100

Syncserver S200

Syncserver S250

Syncserver S300

Syncserver S350

PT-2020-20444 · Symmetricom · Syncserver S300+4

CVE-2020-9029

Weakness Enumeration

Related Identifiers

Affected Products

References · 4