CVE-2021-32008 - OpenCVE

This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:N/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Secomea	Gatemanager

Configuration 1 [-]

cpe:2.3:a:secomea:gatemanager:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.secomea.com/support/cybersecurity-advisory	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Secomea

Published: 2022-03-04T21:20:10

Updated: 2022-03-04T21:20:10

Reserved: 2021-05-03T00:00:00

Link: CVE-2021-32008

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-03-04T22:15:18.907

Modified: 2022-03-12T02:06:45.570

Link: CVE-2021-32008

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "GateManager", "vendor": "Secomea", "versions": [{"lessThanOrEqual": "9.6.621421014", "status": "affected", "version": "All", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-03-04T21:20:10", "orgId": "f2815942-3388-4c08-ba09-6c15850fda90", "shortName": "Secomea"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.secomea.com/support/cybersecurity-advisory"}], "source": {"defect": ["RD-5197"], "discovery": "INTERNAL"}, "title": "Logged-in Administrator may get unrestricted file system access", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "VulnerabilityReporting@secomea.com", "ID": "CVE-2021-32008", "STATE": "PUBLIC", "TITLE": "Logged-in Administrator may get unrestricted file system access"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GateManager", "version": {"version_data": [{"version_affected": "<=", "version_name": "All", "version_value": "9.6.621421014"}]}}]}, "vendor_name": "Secomea"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-552 Files or Directories Accessible to External Parties"}]}, {"description": [{"lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://www.secomea.com/support/cybersecurity-advisory", "refsource": "MISC", "url": "https://www.secomea.com/support/cybersecurity-advisory"}]}, "source": {"defect": ["RD-5197"], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90", "assignerShortName": "Secomea", "cveId": "CVE-2021-32008", "datePublished": "2022-03-04T21:20:10", "dateReserved": "2021-05-03T00:00:00", "dateUpdated": "2022-03-04T21:20:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:secomea:gatemanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "97FB8BBF-91E8-4C63-AD3C-0F04FA31690C", "versionEndIncluding": "9.6.621421014", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories."}, {"lang": "es", "value": "Este problema afecta a: Secomea GateManager versi\u00f3n 9.6.621421014 y todas las versiones anteriores. Una limitaci\u00f3n inapropiada de un nombre de ruta al directorio restringido, permite al administrador de GateManager que ha iniciado la sesi\u00f3n eliminar archivos o directorios del sistema"}], "id": "CVE-2021-32008", "lastModified": "2022-03-12T02:06:45.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "VulnerabilityReporting@secomea.com", "type": "Secondary"}]}, "published": "2022-03-04T22:15:18.907", "references": [{"source": "VulnerabilityReporting@secomea.com", "tags": ["Vendor Advisory"], "url": "https://www.secomea.com/support/cybersecurity-advisory"}], "sourceIdentifier": "VulnerabilityReporting@secomea.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-552"}], "source": "VulnerabilityReporting@secomea.com", "type": "Secondary"}]}