CVE-2020-14030

Sažetak

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in arbitrary code execution.

Reference

http://www.ozeki.hu/index.php?owpn=231
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14030-RCE%20via%20.NET%20Deserialization-Ozeki%20SMS%20Gateway

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-10-2020 - 18:42

Objavljeno

30-09-2020 - 18:15