PT-2020-20446 · Symmetricom · Syncserver S300+4

Published

2020-02-17

Updated

2020-02-19

CVE-2020-9031

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Symmetricom SyncServer S100 version 2.90.70.3 Symmetricom SyncServer S200 version 1.30 Symmetricom SyncServer S250 version 1.25 Symmetricom SyncServer S300 version 2.65.0 Symmetricom SyncServer S350 version 2.80.1

Description The issue allows Directory Traversal via the FileName parameter to "daemonlog.php".

Recommendations For Symmetricom SyncServer S100 version 2.90.70.3, consider restricting access to the daemonlog.php endpoint to minimize the risk of exploitation. For Symmetricom SyncServer S200 version 1.30, avoid using the FileName parameter in the affected endpoint until the issue is resolved. For Symmetricom SyncServer S250 version 1.25, restrict access to the vulnerable daemonlog.php endpoint. For Symmetricom SyncServer S300 version 2.65.0, consider disabling access to the daemonlog.php endpoint as a temporary workaround. For Symmetricom SyncServer S350 version 2.80.1, limit the use of the FileName parameter in the "daemonlog.php" endpoint to prevent exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2020-9031

Affected Products

Syncserver S100

Syncserver S200

Syncserver S250

Syncserver S300

Syncserver S350

PT-2020-20446 · Symmetricom · Syncserver S300+4

CVE-2020-9031

Weakness Enumeration

Related Identifiers

Affected Products

References · 4