Vulnerability Description
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the system and/or files that have special security attributes (e.g., Windows Defender files).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ozeki | Ozeki NG SMS Gateway | <= 4.17.6 |
References
- http://www.ozeki.hu/index.php?owpn=231 (Vendor Advisory)
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14031-Arbitary (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-14031?
CVE-2020-14031 is a vulnerability with a CVSS score of 7.2 (HIGH). An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT...
How severe is CVE-2020-14031?
CVE-2020-14031 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-14031?
Check the references section above for vendor advisories and patch information. Affected products include: Ozeki NG SMS Gateway.