CVE-2020-17385 Vulnerability Details

  /     /     /  

CVE-2020-17385 Metadata Quick Info

CVE Published: 25/08/2020 | CVE Updated: 17/09/2024 | CVE Year: 2020
Source: twcert | Vendor: Cellopoint | Product: CelloOS
Status : PUBLISHED

---

CVE-2020-17385 Description

Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system.

Metrics

CVSS Version: 3.1 | Base Score: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Unauthenticated Arbitrary File Disclosure
Source: Cellopoint

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).