PT-2021-11639 · Secomea · Secomea Gatemanager

Tenable · Published 2021-03-05 · Updated 2021-03-12 · CVE-2020-29032

CVSS v3.1: 8.4 (High)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Secomea GateManager versions prior to 9.4.621054022

Description: An authenticated attacker can execute malicious code on the server because code is uploaded without an integrity check in the firmware archive of Secomea GateManager.

Recommendations: Update to version 9.4.621054022 or later to resolve the issue. As a temporary workaround, consider restricting access to the firmware archive to minimize the risk of exploitation.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2020-29032

Affected Products

Secomea Gatemanager