Directory Traversal Vulnerability in Symmetricom SyncServer Products
CVE-2020-9029

6.5MEDIUM

Key Information:

Vendor: Microchip
Status: Syncserver S100 Firmware
Vendor: CVE Published:; 17 February 2020

What is CVE-2020-9029?

The vulnerability allows an attacker to exploit the Directory Traversal flaw in multiple Symmetricom SyncServer models through improper validation of the FileName parameter in messagelog.php. This flaw may enable unauthorized access to sensitive files on the server, potentially leading to exposure of confidential information.

References

https://sku11army.blogspot.com/2020/01/symmetricom-syncse...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 17, 2020
Vulnerability Reserved
Feb 17, 2020

Microchip

What is CVE-2020-9029?

References

CVSS V3.1

Timeline