CVE-2020-14021

Published: Sep 18, 2020Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITY\SYSTEM privileges.

Affected (1)

Products: Ozeki: Ozeki Ng Sms Gateway

1 product

Ozeki Ng Sms Gateway

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ozeki Ozeki Ng Sms Gateway	Up to 4.17.6

References (6)

https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14021-Arbitrary%20File%20Read-Ozeki%20SMS%20Gateway

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.ozeki.hu/index.php?ow_page_number=1017&downloadaction=email&download_product_id=1&os=windows&dpath=%2Fattachments%2F702%2Finstallwindows_1590575794_OzekiNG-SMS-Gateway_4.17.6.zip&dname=Ozeki+NG+SMS+Gateway+v4.17.6&dsize=+%2817.8+MB%29&platform=Windows

Source: cve@mitre.org

Release NotesVendor Advisory

https://www.ozeki.hu/index.php?owpn=231

Source: cve@mitre.org

Vendor Advisory

https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14021-Arbitrary%20File%20Read-Ozeki%20SMS%20Gateway

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.ozeki.hu/index.php?ow_page_number=1017&downloadaction=email&download_product_id=1&os=windows&dpath=%2Fattachments%2F702%2Finstallwindows_1590575794_OzekiNG-SMS-Gateway_4.17.6.zip&dname=Ozeki+NG+SMS+Gateway+v4.17.6&dsize=+%2817.8+MB%29&platform=Windows

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.ozeki.hu/index.php?owpn=231

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.