CVE-2020-24038 — MEDIUM (6.5)

Vulnerability Description

myFax version 229 logs sensitive information in the export log module which allows any user to access critical information.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Eram	Myfax150 Firmware	229
Eram	Myfax150	-
Eram	Myfax250 Firmware	229
Eram	Myfax250	-
Eram	Myfax450 Firmware	229
Eram	Myfax450	-

Related Weaknesses (CWE)

CWE-532

References

https://github.com/Dmitriy-area51/Exploit/tree/master/CVE-2020-24038ExploitThird Party Advisory
https://myfax.com/Vendor Advisory
https://github.com/Dmitriy-area51/Exploit/tree/master/CVE-2020-24038ExploitThird Party Advisory
https://myfax.com/Vendor Advisory

FAQ

What is CVE-2020-24038?

CVE-2020-24038 is a vulnerability with a CVSS score of 6.5 (MEDIUM). myFax version 229 logs sensitive information in the export log module which allows any user to access critical information.

How severe is CVE-2020-24038?

CVE-2020-24038 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-24038?

Check the references section above for vendor advisories and patch information. Affected products include: Eram Myfax150 Firmware, Eram Myfax150, Eram Myfax250 Firmware, Eram Myfax250, Eram Myfax450 Firmware.