First published: Mon Feb 15 2021
An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c.
Credit: VulnerabilityReporting@secomea.com
Affected Software | Affected Version | How to fix |
---|---|---|
Secomea Gatemanager 8250 Firmware | <9.2c | |
Secomea Gatemanager 8250 | | |
Secomea Gatemanager 4250 Firmware | <9.0i | |
Secomea Gatemanager 4250 | | |
Secomea Gatemanager 4260 Firmware | <9.0i | |
Secomea Gatemanager 4260 | | |
Secomea Gatemanager 9250 Firmware | <9.0i | |
Secomea Gatemanager 9250 | | |
CVE-2020-29031 is an Insecure Direct Object Reference vulnerability in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges.
CVE-2020-29031 affects all GateManager versions prior to 9.2c.
CVE-2020-29031 has a severity level of 8.1 (High).
An attacker can exploit CVE-2020-29031 by gaining authenticated access to the GateManager web UI and then resetting the password of any user in its domain or any sub-domain.
To fix CVE-2020-29031, users are advised to upgrade to GateManager version 9.2c or later.