Vulnerability CVE-2020-14021

Vulnerability CVE-2020-14021

Published: 2020-09-18

Description:

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITY\SYSTEM privileges.

Type:

NVD-CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4/10	2.9/10	8/10

Exploit range	Attack complexity	Authentication
Remote	Low	Single time
Confidentiality impact	Integrity impact	Availability impact
Partial	None	None

Affected software
Ozeki -> Ozeki ng sms gateway

References:

https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14021-Arbitrary%20File%20Read-Ozeki%20SMS%20Gateway

https://www.ozeki.hu/index.php?ow_page_number=1017&downloadaction=email&download_product_id=1&os=windows&dpath=%2Fattachments%2F702%2Finstallwindows_1590575794_OzekiNG-SMS-Gateway_4.17.6.zip&dname=Ozeki+NG+SMS+Gateway+v4.17.6&dsize=+%2817.8+MB%29&platform=Windows

https://www.ozeki.hu/index.php?owpn=231

Vulnerability CVE-2020-14021

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITY\SYSTEM privileges.

NVD-CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)

4/10

2.9/10

8/10

Remote

Low

Single time

Partial

None

None

Affected software

References: