PT-2020-3968 · Ericom · Ericom Access Server

Published: 2020-08-25 · Updated: 2020-09-01 · CVE-2020-24548

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Ericom Access Server version 9.2.0
Description: The issue stems from insufficient validation of incoming requests, which allows an attacker to perform a Server-Side Request Forgery (SSRF) attack: the attacker can make the server issue outbound WebSocket connection requests to arbitrary TCP ports. The error messages the server returns, such as "Cannot connect to" notifications, tell the attacker which ports are closed.
Recommendations: For Ericom Access Server version 9.2.0, consider restricting access to the WebSocket connection functionality to minimize the risk of SSRF attacks until a patch is available. As a temporary workaround, disabling outbound connections on arbitrary TCP ports may help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
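The following is an added illustration of the validation the advisory says is missing, not Ericom code: a server that opens outbound WebSocket connections on a client's behalf should only accept targets from an explicit allowlist and must answer every refusal with one fixed message, so the check itself does not become the port-state oracle described above. The host names, ports and function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical configuration: the only (host, port) backends this server may
# open outbound WebSocket connections to. Anything else is refused.
ALLOWED_TARGETS = {("rdp-host.internal.example", 3389), ("app.internal.example", 443)}
ALLOWED_SCHEMES = {"ws", "wss"}
# One fixed message for every refusal: distinct "Cannot connect to" errors
# are exactly the closed-port oracle the advisory describes.
GENERIC_ERROR = "connection request refused"


class TargetRejected(Exception):
    pass


def _is_ip_literal(host: str) -> bool:
    """True for loopback, link-local, RFC 1918 or any other literal address."""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def validate_target(url: str) -> tuple[str, int]:
    """Return (host, port) only if the requested target is explicitly allowlisted."""
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port  # .port raises on a bad/out-of-range port
    except ValueError:
        raise TargetRejected(GENERIC_ERROR) from None
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        raise TargetRejected(GENERIC_ERROR)
    if port is None:
        port = 443 if parts.scheme == "wss" else 80
    # Backends are named in the allowlist, so a literal IP is never legitimate;
    # this also refuses the loopback/private-range targets typical of SSRF probes.
    if _is_ip_literal(host) or (host, port) not in ALLOWED_TARGETS:
        raise TargetRejected(GENERIC_ERROR)
    return host, port


def is_allowed(url: str) -> bool:
    """Request-handler helper: True only when the target passes validate_target."""
    try:
        validate_target(url)
    except TargetRejected:
        return False
    return True
```

An allowlisted host on a non-allowlisted port is refused with the same message as an unknown host, so a caller cannot distinguish the two cases.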

Exploit

SSRF


Weakness Enumeration

Related Identifiers

BDU:2020-04362
CVE-2020-24548

Affected Products

Ericom Access Server