CVE-2020-29032: Malicious File Upload
First published: Fri Mar 05 2021(Updated: )
Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022
Credit: VulnerabilityReporting@secomea.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Secomea Gatemanager 8250 Firmware | <9.4.621054022 | |
| Secomea Gatemanager 8250 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-29032?
CVE-2020-29032 is a vulnerability in the firmware archive of Secomea GateManager that allows an authenticated attacker to execute malicious code on the server.
What is the severity of CVE-2020-29032?
The severity of CVE-2020-29032 is high, with a CVSS score of 7.2.
Which versions of Secomea GateManager are affected by CVE-2020-29032?
All versions of Secomea GateManager prior to 9.4.621054022 are affected by CVE-2020-29032.
How can an attacker exploit CVE-2020-29032?
An authenticated attacker can exploit CVE-2020-29032 by uploading malicious code to the firmware archive without integrity checks.
Are there any references for CVE-2020-29032?
Yes, you can find more information about CVE-2020-29032 at the following references: [Reference 1](https://www.secomea.com/support/cybersecurity-advisory/#3737), [Reference 2](https://www.tenable.com/security/research/tra-2021-06).
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/tags
- agent/event
- agent/weakness
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/secomea
- canonical/secomea gatemanager 8250 firmware
- canonical/secomea gatemanager 8250