CVE-2017-20038

Published: Jun 11, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched remotely.

Affected (1)

Products: Sicunet: Access Control

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sicunet Access Control	Version 0.32-05z

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

http://seclists.org/fulldisclosure/2017/Mar/25

Source: cna@vuldb.com

Mailing ListThird Party Advisory

https://vuldb.com/?id.98906

Source: cna@vuldb.com

Third Party Advisory

http://seclists.org/fulldisclosure/2017/Mar/25

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://vuldb.com/?id.98906

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.