CVE-2020-24548

Published: Aug 26, 2020Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform the attacker about closed ports.

Affected (1)

Products: Ericom: Access Server

Ericom

1 product

Access Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ericom Access Server	Version 9.2.0

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

http://packetstormsecurity.com/files/158962/Ericom-Access-Server-9.2.0-Server-Side-Request-Forgery.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.youtube.com/watch?v=oDTd-yRxVJ0

Source: cve@mitre.org

ExploitThird Party Advisory

http://packetstormsecurity.com/files/158962/Ericom-Access-Server-9.2.0-Server-Side-Request-Forgery.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.youtube.com/watch?v=oDTd-yRxVJ0

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.