Vulnerability Description
A directory traversal vulnerability exists in the file upload function of GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects all GateManager versions prior to 9.2c.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Secomea | Gatemanager 8250 Firmware | < 9.2c |
| Secomea | Gatemanager 8250 | - |
| Secomea | Gatemanager 4250 Firmware | < 9.0i |
| Secomea | Gatemanager 4250 | - |
| Secomea | Gatemanager 4260 Firmware | < 9.0i |
| Secomea | Gatemanager 4260 | - |
| Secomea | Gatemanager 9250 Firmware | < 9.0i |
| Secomea | Gatemanager 9250 | - |
Related Weaknesses (CWE)
References
- https://www.secomea.com/support/cybersecurity-advisory/#2918 (Vendor Advisory)
FAQ
What is CVE-2020-29026?
CVE-2020-29026 is a vulnerability with a CVSS score of 9.0 (CRITICAL). A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the...
How severe is CVE-2020-29026?
CVE-2020-29026 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-29026?
Check the references section above for vendor advisories and patch information. Affected products include: Secomea Gatemanager 8250 Firmware, Secomea Gatemanager 8250, Secomea Gatemanager 4250 Firmware, Secomea Gatemanager 4250, Secomea Gatemanager 4260 Firmware.