Session Validation Flaw in Symmetricom SyncServer Devices
CVE-2020-9034

7.5HIGH

Key Information:

Vendor: Microchip
Status: Syncserver S100 Firmware
Vendor: CVE Published:; 17 February 2020

What is CVE-2020-9034?

Certain versions of Symmetricom SyncServer devices are vulnerable due to improper session validation. This flaw allows an unauthenticated attacker to create, modify, or delete user accounts without any authorization, potentially compromising the integrity and security of the affected device. Users of SyncServer S100, S200, S250, S300, and S350 should ensure they apply the necessary updates to mitigate this risk.

References

https://sku11army.blogspot.com/2020/01/symmetricom-syncse...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 17, 2020
Vulnerability Reserved
Feb 17, 2020

Microchip

What is CVE-2020-9034?

References

CVSS V3.1

Timeline