First published: Tue Feb 16 2021(Updated: )
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3.
Credit: VulnerabilityReporting@secomea.com
Affected Software | Affected Version | How to fix |
---|---|---|
Secomea Gatemanager 4250 Firmware | ||
Secomea Gatemanager 4250 | ||
Secomea Gatemanager 4260 Firmware | ||
Secomea Gatemanager 4260 | ||
Secomea Gatemanager 9250 Firmware | ||
Secomea Gatemanager 9250 | ||
Secomea Gatemanager 8250 Firmware | <9.3 | |
Secomea Gatemanager 8250 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-29023 is a vulnerability that allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program.
CVE-2020-29023 affects all versions of Secomea GateManager.
CVE-2020-29023 has a severity rating of medium with a score of 3.5.
To fix CVE-2020-29023, it is recommended to update Secomea GateManager to the latest version available.
You can find more information about CVE-2020-29023 on the Secomea website: https://www.secomea.com/support/cybersecurity-advisory/