CVE-2020-17386 - OpenCVE

Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cellopoint	Cellos

Configuration 1 [-]

cpe:2.3:o:cellopoint:cellos:4.1.10:build20190922:*:*:*:*:*:*

References

Link	Resource
https://www.twcert.org.tw/tw/cp-132-3847-c62ca-1.html	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: twcert

Published: 2020-08-25T00:00:00

Updated: 2020-08-25T07:35:18

Reserved: 2020-08-07T00:00:00

Link: CVE-2020-17386

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-08-25T08:15:10.643

Modified: 2020-08-26T13:17:15.137

Link: CVE-2020-17386

JSON object: View

Redhat Information

No data.

CWE

CWE-918

{"containers": {"cna": {"affected": [{"product": "CelloOS", "vendor": "Cellopoint", "versions": [{"lessThanOrEqual": "v4.1.10 Build 20190922", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2020-08-25T00:00:00", "descriptions": [{"lang": "en", "value": "Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-08-25T07:35:18", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.twcert.org.tw/tw/cp-132-3847-c62ca-1.html"}], "solutions": [{"lang": "en", "value": "Update to v4.1.12 Build 20200701 or higher."}], "source": {"discovery": "UNKNOWN"}, "title": "Cellopoint CelloOS - Server-Side Request Forgery (SSRF)", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2020-08-25T07:30:00.000Z", "ID": "CVE-2020-17386", "STATE": "PUBLIC", "TITLE": "Cellopoint CelloOS - Server-Side Request Forgery (SSRF)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CelloOS", "version": {"version_data": [{"version_affected": "<=", "version_name": "0", "version_value": "v4.1.10 Build 20190922"}]}}]}, "vendor_name": "Cellopoint"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-918 Server-Side Request Forgery (SSRF)"}]}]}, "references": {"reference_data": [{"name": "https://www.twcert.org.tw/tw/cp-132-3847-c62ca-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-3847-c62ca-1.html"}]}, "solution": [{"lang": "en", "value": "Update to v4.1.12 Build 20200701 or higher."}], "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2020-17386", "datePublished": "2020-08-25T00:00:00", "dateReserved": "2020-08-07T00:00:00", "dateUpdated": "2020-08-25T07:35:18", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cellopoint:cellos:4.1.10:build20190922:*:*:*:*:*:*", "matchCriteriaId": "D5494BBA-9417-4BD3-8A97-A0940A8D5D7B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system."}, {"lang": "es", "value": "Cellopoint Cellos versi\u00f3n v4.1.10 Build 20190922, no comprueba una URL ingresada apropiadamente. Con la cookie de un usuario autenticado, los atacantes pueden manipular el par\u00e1metro URL y acceder a archivos arbitrarios en el sistema"}], "id": "CVE-2020-17386", "lastModified": "2020-08-26T13:17:15.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2020-08-25T08:15:10.643", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-3847-c62ca-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}