PT-2020-5984 · Unknown · Gatemanager
Published: 2020-07-29 · Updated: 2021-11-04 · CVE-2020-14510
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
GateManager versions prior to 9.2c
Description
The issue is related to a hard-coded credential for telnet in the affected product, allowing an unprivileged attacker to execute commands as root. Additionally, it is described as an error related to a single offset, which can be exploited by a remote attacker to execute arbitrary commands as the root user.
Recommendations
For GateManager versions prior to 9.2c, update to version 9.2c or later to resolve the issue. As a temporary workaround, consider restricting telnet access to minimize the risk of exploitation.
Fix
Using Hardcoded Credentials
Related Identifiers
Affected Products
Gatemanager