CVE-2020-29022

Published: Feb 16, 2021Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3

Affected (4)

Products: Secomea: Gatemanager 4250 Firmware, Gatemanager 4260 Firmware, Gatemanager 9250 Firmware, Gatemanager 8250 Firmware

Secomea

4 products

Gatemanager 4250 Firmware

Gatemanager 4260 Firmware

Gatemanager 9250 Firmware

Gatemanager 8250 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Secomea Gatemanager 4250 Firmware	All versions

Running on/with	Platform Versions
Secomea Gatemanager 4250	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Secomea Gatemanager 4260 Firmware	All versions

Running on/with	Platform Versions
Secomea Gatemanager 4260	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Secomea Gatemanager 9250 Firmware	All versions

Running on/with	Platform Versions
Secomea Gatemanager 9250	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Secomea Gatemanager 8250 Firmware	Before 9.3

Running on/with	Platform Versions
Secomea Gatemanager 8250	All versions

Related CWEs

CWE-159

Improper Handling of Invalid Use of Special Elements

The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could cause adverse effect on its behavior and integrity.

References (2)

https://www.secomea.com/support/cybersecurity-advisory/#2923

Source: VulnerabilityReporting@secomea.com

Vendor Advisory

https://www.secomea.com/support/cybersecurity-advisory/#2923

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.