Weak Data.fs Permissions in Zyxel CloudCNM SecuManager
CVE-2020-15329

5.3MEDIUM

Key Information:

Vendor: Zyxel
Status: Cloudcnm Secumanager
Vendor: CVE Published:; 29 September 2022

What is CVE-2020-15329?

The Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 exhibit insufficient data permissions in the Data.fs file, which may allow unauthorized access and manipulation of sensitive data. This flaw poses a significant risk to organizations relying on Zyxel's cloud network management solutions and potentially exposes them to data breaches and exploitation.

References

https://pierrekim.github.io/blog/2020-03-09-zyxel-secuman...

x_refsource_MISC

https://www.zyxel.com/support/vulnerabilities-of-CloudCNM...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 29, 2022
Vulnerability Reserved
Jun 26, 2020