Vulnerability Description
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in arbitrary code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ozeki | Ozeki Ng Sms Gateway | <= 4.17.6 |
Related Weaknesses (CWE)
References
- http://www.ozeki.hu/index.php?owpn=231Vendor Advisory
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14030-RCE%20viPatchThird Party Advisory
- http://www.ozeki.hu/index.php?owpn=231Vendor Advisory
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14030-RCE%20viPatchThird Party Advisory
FAQ
What is CVE-2020-14030?
CVE-2020-14030 is a vulnerability with a CVSS score of 7.2 (HIGH). An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized fi...
How severe is CVE-2020-14030?
CVE-2020-14030 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-14030?
Check the references section above for vendor advisories and patch information. Affected products include: Ozeki Ozeki Ng Sms Gateway.