CVE-2020-27304

{"id": "CVE-2020-27304", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-10-21T16:15:07.737", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", "source": "vuln@vdoo.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "tags": ["Patch", "Third Party Advisory"], "source": "vuln@vdoo.com"}, {"url": "https://groups.google.com/g/civetweb/c/yPBxNXdGgJQ", "tags": ["Mailing List", "Third Party Advisory"], "source": "vuln@vdoo.com"}, {"url": "https://jfrog.com/blog/cve-2020-27304-rce-via-directory-traversal-in-civetweb-http-server/", "tags": ["Exploit", "Third Party Advisory"], "source": "vuln@vdoo.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://groups.google.com/g/civetweb/c/yPBxNXdGgJQ", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://jfrog.com/blog/cve-2020-27304-rce-via-directory-traversal-in-civetweb-http-server/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "vuln@vdoo.com", "description": [{"lang": "en", "value": "CWE-23"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal"}, {"lang": "es", "value": "La biblioteca web CivetWeb no comprueba las rutas de los archivos cargados cuando se ejecuta en un sistema operativo distinto de Windows, cuando es usado el mecanismo incorporado de carga de archivos basado en formularios HTTP, por medio de la API mg_handle_form_request. Las aplicaciones web que usan el manejador de formularios de carga de archivos, y usan partes del nombre de archivo controlado por el usuario en la ruta de salida, son susceptibles a un salto de directorio"}], "lastModified": "2024-11-21T05:21:01.317", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:civetweb_project:civetweb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86B4245C-5C12-424B-A771-E04CE3516108", "versionEndExcluding": "1.15", "versionStartIncluding": "1.8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253", "versionEndExcluding": "1.0.1.1"}], "operator": "OR"}]}], "sourceIdentifier": "vuln@vdoo.com"}