Directory Traversal Vulnerability in Symmetricom SyncServer Devices
CVE-2020-9033

6.5MEDIUM

Key Information:

Vendor

Microchip

Status
Syncserver S100 Firmware
Vendor
CVE Published:
17 February 2020

What is CVE-2020-9033?

Certain models of Symmetricom SyncServer devices are susceptible to a Directory Traversal vulnerability involving the FileName parameter in authlog.php. This flaw could allow attackers to access sensitive files and directories, potentially leading to unauthorized access to system data. Users are advised to implement appropriate security measures and update affected devices to mitigate risks.

References

https://sku11army.blogspot.com/2020/01/symmetricom-syncse...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2020-9033 : Directory Traversal Vulnerability in Symmetricom SyncServer Devices