CVE-2020-14026

{"id": "CVE-2020-14026", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2020-09-22T18:15:23.683", "references": [{"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14026-Formula%20Injection-Ozeki%20SMS%20Gateway", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.ozeki.hu/index.php?ow_page_number=1017&downloadaction=email&download_product_id=1&os=windows&dpath=%2Fattachments%2F702%2Finstallwindows_1590575794_OzekiNG-SMS-Gateway_4.17.6.zip&dname=Ozeki+NG+SMS+Gateway+v4.17.6&dsize=+%2817.8+MB%29&platform=Windows", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.ozeki.hu/index.php?owpn=231", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14026-Formula%20Injection-Ozeki%20SMS%20Gateway", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ozeki.hu/index.php?ow_page_number=1017&downloadaction=email&download_product_id=1&os=windows&dpath=%2Fattachments%2F702%2Finstallwindows_1590575794_OzekiNG-SMS-Gateway_4.17.6.zip&dname=Ozeki+NG+SMS+Gateway+v4.17.6&dsize=+%2817.8+MB%29&platform=Windows", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ozeki.hu/index.php?owpn=231", "tags": ["Product", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1236"}]}], "descriptions": [{"lang": "en", "value": "CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export."}, {"lang": "es", "value": "Una Inyecci\u00f3n de CSV (tambi\u00e9n se conoce como Inyecci\u00f3n de una Macro de Excel o Inyecci\u00f3n de F\u00f3rmula) se presenta en la funcionalidad Export Of Contacts en Ozeki NG SMS Gateway versiones hasta 4.17.6, por medio de un valor que es manejado inapropiadamente en una exportaci\u00f3n de CSV"}], "lastModified": "2024-11-21T05:02:22.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ozeki:ozeki_ng_sms_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD2367CD-8681-42A5-99CF-4FEC7CAFFA35", "versionEndIncluding": "4.17.6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}