Vulnerability Description
An Insecure Direct Object Reference (IDOR) vulnerability in the GateManager web UI allows an authenticated attacker to reset the password of any user in the attacker's own domain or any of its sub-domains, escalating the attacker's privileges. The CVE text states that all GateManager versions prior to 9.2c are affected; the per-model fixed versions (9.2c for the 8250, 9.0i for the 4250, 4260 and 9250) are listed under Affected Products below.
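To make the class of bug concrete, here is an added, generic illustration of an IDOR in a password-reset handler, written for this page and not taken from GateManager's code or the vendor advisory. The domain model (users belong to domains, domains nest) mirrors the description above; every identifier, the in-memory directory and the two handler functions are hypothetical. The vulnerable handler trusts the client-supplied target id after checking only that the caller is logged in; the hardened one requires the caller to be an administrator whose domain is the target's domain or one of its ancestors.

```python
"""Generic IDOR illustration (hypothetical model, not GateManager code):
a password-reset endpoint that only authenticates the caller versus one
that also authorizes the caller against the target user's domain."""
from dataclasses import dataclass
from typing import Dict, Iterator, Optional


@dataclass
class Domain:
    name: str
    parent: Optional["Domain"] = None

    def ancestors(self) -> Iterator["Domain"]:
        """Yield this domain, then its parent, up to the root."""
        d: Optional[Domain] = self
        while d is not None:
            yield d
            d = d.parent


@dataclass
class User:
    uid: int
    domain: Domain
    is_admin: bool
    password: str = "initial"


class AuthzError(Exception):
    pass


# Constructed sample directory: a root domain with one sub-domain.
ROOT = Domain("root")
SUB = Domain("plant-a", parent=ROOT)
USERS: Dict[int, User] = {
    1: User(1, ROOT, is_admin=True),   # root administrator
    2: User(2, SUB, is_admin=True),    # plant-a administrator
    3: User(3, SUB, is_admin=False),   # ordinary plant-a user
    4: User(4, ROOT, is_admin=False),  # ordinary root user
}


def reset_password_vulnerable(session_uid: int, target_uid: int, new_pw: str) -> bool:
    """Checks only that the caller is logged in. The target id comes straight
    from the request, so any authenticated account can reset any other."""
    if session_uid not in USERS:
        raise AuthzError("not authenticated")
    USERS[target_uid].password = new_pw
    return True


def can_manage(actor: User, target: User) -> bool:
    """Actor must be an administrator, and the target's domain must be the
    actor's own domain or one of its sub-domains (actor.domain is an
    ancestor of target.domain)."""
    if not actor.is_admin:
        return False
    return any(d is actor.domain for d in target.domain.ancestors())


def reset_password_hardened(session_uid: int, target_uid: int, new_pw: str) -> bool:
    """Authenticates the caller, then authorizes the caller against the
    specific object (user) named in the request before acting on it."""
    actor = USERS.get(session_uid)
    if actor is None:
        raise AuthzError("not authenticated")
    target = USERS.get(target_uid)
    # Same error whether the id is unknown or out of scope, so the endpoint
    # does not leak which user ids exist.
    if target is None or not can_manage(actor, target):
        raise AuthzError("forbidden")
    target.password = new_pw
    return True


def attempt_reset(session_uid: int, target_uid: int, new_pw: str) -> bool:
    """Convenience wrapper: True if the hardened reset succeeded, False if
    it was refused. Used to exercise the authorization matrix."""
    try:
        return reset_password_hardened(session_uid, target_uid, new_pw)
    except AuthzError:
        return False
```

With this directory, the vulnerable handler lets the ordinary user 3 reset the plant-a administrator's password; the hardened handler refuses that, refuses the plant-a administrator resetting the root administrator (parent domain, outside scope), and permits the root administrator resetting a plant-a user (sub-domain, inside scope).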
CVSS Score
HIGH (7.1 base score)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Secomea | Gatemanager 8250 Firmware | < 9.2c |
| Secomea | Gatemanager 8250 | - |
| Secomea | Gatemanager 4250 Firmware | < 9.0i |
| Secomea | Gatemanager 4250 | - |
| Secomea | Gatemanager 4260 Firmware | < 9.0i |
| Secomea | Gatemanager 4260 | - |
| Secomea | Gatemanager 9250 Firmware | < 9.0i |
| Secomea | Gatemanager 9250 | - |
Related Weaknesses (CWE)
References
- https://www.secomea.com/support/cybersecurity-advisory/#2920 (Vendor Advisory)
FAQ
What is CVE-2020-29031?
CVE-2020-29031 is a vulnerability with a CVSS score of 7.1 (HIGH). An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, escalating the attacker's privileges.
How severe is CVE-2020-29031?
CVE-2020-29031 has been rated HIGH with a CVSS base score of 7.1/10. Only the base score and rating are listed on this page; the vendor advisory in the References section is the place to look for the full metric breakdown.
Is there a patch for CVE-2020-29031?
Yes. According to the Affected Products table above, the issue is fixed in firmware 9.2c for the GateManager 8250 and in firmware 9.0i for the GateManager 4250, 4260 and 9250; see the vendor advisory in the References section for upgrade details. Affected products: Secomea GateManager 8250 Firmware, GateManager 8250, GateManager 4250 Firmware, GateManager 4250, GateManager 4260 Firmware, GateManager 4260, GateManager 9250 Firmware and GateManager 9250.