Vulnerability Description
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITY\SYSTEM privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ozeki | Ozeki Ng Sms Gateway | <= 4.17.6 |
References
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14021-ArbitrarExploitThird Party Advisory
- https://www.ozeki.hu/index.php?ow_page_number=1017&downloadaction=email&downloadRelease NotesVendor Advisory
- https://www.ozeki.hu/index.php?owpn=231Vendor Advisory
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14021-ArbitrarExploitThird Party Advisory
- https://www.ozeki.hu/index.php?ow_page_number=1017&downloadaction=email&downloadRelease NotesVendor Advisory
- https://www.ozeki.hu/index.php?owpn=231Vendor Advisory
FAQ
What is CVE-2020-14021?
CVE-2020-14021 is a vulnerability with a CVSS score of 4.9 (MEDIUM). An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any f...
How severe is CVE-2020-14021?
CVE-2020-14021 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-14021?
Check the references section above for vendor advisories and patch information. Affected products include: Ozeki Ozeki Ng Sms Gateway.