1. Home
  2. CVE Database
  3. CVE-2020-9034
HIGH · 7.5

CVE-2020-9034

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of use...

Vulnerability Description

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
MicrochipSyncserver S100 Firmware2.90.70.3
MicrochipSyncserver S100-
MicrochipSyncserver S200 Firmware1.30
MicrochipSyncserver S200-
MicrochipSyncserver S250 Firmware1.25
MicrochipSyncserver S250-
MicrochipSyncserver S300 Firmware2.65.0
MicrochipSyncserver S300-
MicrochipSyncserver S350 Firmware2.80.1
MicrochipSyncserver S350-

References

FAQ

What is CVE-2020-9034?

CVE-2020-9034 is a vulnerability with a CVSS score of 7.5 (HIGH). Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of use...

How severe is CVE-2020-9034?

CVE-2020-9034 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-9034?

Check the references section above for vendor advisories and patch information. Affected products include: Microchip Syncserver S100 Firmware, Microchip Syncserver S100, Microchip Syncserver S200 Firmware, Microchip Syncserver S200, Microchip Syncserver S250 Firmware.