CVE-2020-15809
CVE-2020-15809 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. spxmanage on certain SpinetiX devices allows requests that access unintended resources because of SSRF and Path Traversal. This affects HMP350, HMP300, and DiVA through 4.5.2-1.0.36229; HMP400 and HMP400W through 4.5.2-1.0.2-1eb2ffbd; and DSOS through 4.5.2-1.0.2-1eb2ffbd. EPSS estimates a 0.94% chance of exploitation in the next 30 days.
Description
spxmanage on certain SpinetiX devices allows requests that access unintended resources because of SSRF and Path Traversal. This affects HMP350, HMP300, and DiVA through 4.5.2-1.0.36229; HMP400 and HMP400W through 4.5.2-1.0.2-1eb2ffbd; and DSOS through 4.5.2-1.0.2-1eb2ffbd.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| SpinetiX | DSOS | <= 4.5.2-1.0.2-1eb2ffbd |
| SpinetiX | HMP350 Firmware | <= 4.5.2-1.0.36229 |
| SpinetiX | HMP300 Firmware | <= 4.5.2-1.0.36229 |
| SpinetiX | DiVA Firmware | <= 4.5.2-1.0.36229 |
| SpinetiX | HMP400 Firmware | <= 4.5.2-1.0.2-1eb2ffbd |
| SpinetiX | HMP400W Firmware | <= 4.5.2-1.0.2-1eb2ffbd |
References
- https://support.spinetix.com/wiki/DSOS_release_notes (Release Notes, Vendor Advisory)
- https://support.spinetix.com/wiki/SpinetiX-SA-20:01 (Release Notes, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
