CVE-2020-17386: Cellopoint CelloOS - Server-Side Request Forgery (SSRF)
First published: Tue Aug 25 2020(Updated: )
Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system.
Credit: twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cellopoint Cellos | =4.1.10-build20190922 |
Remedy
Update to v4.1.12 Build 20200701 or higher.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cellopoint Cellos vulnerability?
The vulnerability ID for this Cellopoint Cellos vulnerability is CVE-2020-17386.
What is the severity of CVE-2020-17386?
The severity of CVE-2020-17386 is medium with a severity value of 6.5.
What is the affected software of CVE-2020-17386?
The affected software of CVE-2020-17386 is Cellopoint Cellos v4.1.10 Build 20190922.
How does CVE-2020-17386 impact the system?
CVE-2020-17386 allows attackers to access arbitrary files on the system by tampering with the URL parameter.
Is there a fix available for CVE-2020-17386?
Currently, there is no known fix or patch available for CVE-2020-17386. It is recommended to follow the provided mitigation recommendations from the referenced source.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/remedy
- agent/title
- agent/severity
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cellopoint
- canonical/cellopoint cellos
- version/cellopoint cellos/4.1.10-build20190922