Vulnerability CVE-2020-24548


Published: 2020-08-26

Description:
Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform the attacker about closed ports.

See advisories in our WLB2 database:
Topic: Ericom Access Server for (AccessNow & Ericom Blaze) v9.2.0 Server Side Request Forgery (High)
Author: hyp3rlinx
Date: 22.08.2020

Type: CWE-918

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None
Affected software: Ericom -> Access server

References:
http://packetstormsecurity.com/files/158962/Ericom-Access-Server-9.2.0-Server-Side-Request-Forgery.html
https://www.youtube.com/watch?v=oDTd-yRxVJ0

Copyright 2024, cxsecurity.com

 
