CVE-2020-29023

{"id": "CVE-2020-29023", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "VulnerabilityReporting@secomea.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 0.9}]}, "published": "2021-02-16T16:15:12.707", "references": [{"url": "https://www.secomea.com/support/cybersecurity-advisory/", "tags": ["Vendor Advisory"], "source": "VulnerabilityReporting@secomea.com"}, {"url": "https://www.secomea.com/support/cybersecurity-advisory/#2418", "tags": ["Vendor Advisory"], "source": "VulnerabilityReporting@secomea.com"}, {"url": "https://www.secomea.com/support/cybersecurity-advisory/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.secomea.com/support/cybersecurity-advisory/#2418", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "VulnerabilityReporting@secomea.com", "description": [{"lang": "en", "value": "CWE-116"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-116"}]}], "descriptions": [{"lang": "en", "value": "Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3."}, {"lang": "es", "value": "Una Codificaci\u00f3n o Escape Inapropiado de la Salida de CSV Report Generator de Secomea GateManager, permite a un administrador autenticado generar un archivo CSV que puede ejecutar comandos arbitrarios en la computadora de la v\u00edctima cuando se abre en un programa de hoja de c\u00e1lculo (como Excel). Este problema afecta: Secomea GateManager todas las versiones anteriores a 9.3"}], "lastModified": "2024-11-21T05:23:32.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:secomea:gatemanager_4250_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFA20EA3-F08F-4EEC-993D-CFF3B64FEF8D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:secomea:gatemanager_4250:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0DB6136A-5440-4980-940D-CD178DC219B8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:secomea:gatemanager_4260_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "048A7B3B-193A-475A-B764-AB6434757028"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:secomea:gatemanager_4260:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9B546E62-81BB-4ED8-87C9-41BD79484AD0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:secomea:gatemanager_9250_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1BAF966-A1EE-4B37-BE84-BF137449C6FF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:secomea:gatemanager_9250:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "68DE2092-2EA1-4D49-84EB-20BE2CD7B113"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:secomea:gatemanager_8250_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E0BA172-4047-4D60-9F37-A81EC4622376", "versionEndExcluding": "9.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:secomea:gatemanager_8250:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5089C475-2013-4DF6-AD1E-12F576ACAE8E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "VulnerabilityReporting@secomea.com"}