First published: Mon Feb 17 2020(Updated: )
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microchip Syncserver S100 Firmware | =2.90.70.3 | |
Microchip Syncserver S100 | ||
Microchip Syncserver S200 Firmware | =1.30 | |
Microchip Syncserver S200 | ||
Microchip Syncserver S250 Firmware | =1.25 | |
Microchip Syncserver S250 | ||
Microchip Syncserver S300 Firmware | =2.65.0 | |
Microchip Syncserver S300 | ||
Microchip Syncserver S350 Firmware | =2.80.1 | |
Microchip Syncserver S350 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-9030 is a vulnerability in Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices that allows Directory Traversal via the FileName parameter to the syslog.php.
CVE-2020-9030 has a severity level of medium with a score of 6.5.
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 are affected by CVE-2020-9030.
CVE-2020-9030 can be exploited through Directory Traversal via the FileName parameter to the syslog.php file.
At the moment, there is no known fix for CVE-2020-9030. It is recommended to follow the vendor's security advisory for updates and patches.