CVE-2020-29031
Last modified
CVE-2020-29031 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c. EPSS estimates a 0.75% chance of exploitation in the next 30 days.
Description
An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Secomea | Gatemanager 8250 Firmware | < 9.2c |
| Secomea | Gatemanager 4250 Firmware | < 9.0i |
| Secomea | Gatemanager 4260 Firmware | < 9.0i |
| Secomea | Gatemanager 9250 Firmware | < 9.0i |
References
- https://www.secomea.com/support/cybersecurity-advisory/#2920Vendor Advisory
- https://www.secomea.com/support/cybersecurity-advisory/#2920Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-29031?
How severe is CVE-2020-29031?
How do I fix CVE-2020-29031?
Are you affected by CVE-2020-29031?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST