First published: Mon Feb 17 2020(Updated: )
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microchip Syncserver S100 Firmware | =2.90.70.3 | |
Microchip Syncserver S100 | ||
Microchip Syncserver S200 Firmware | =1.30 | |
Microchip Syncserver S200 | ||
Microchip Syncserver S250 Firmware | =1.25 | |
Microchip Syncserver S250 | ||
Microchip Syncserver S300 Firmware | =2.65.0 | |
Microchip Syncserver S300 | ||
Microchip Syncserver S350 Firmware | =2.80.1 | |
Microchip Syncserver S350 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-9032 is a vulnerability that affects Symmetricom SyncServer S100, S200, S250, S300, and S350 devices.
CVE-2020-9032 allows Directory Traversal via the FileName parameter to kernlog.php, potentially enabling an attacker to access files outside of the intended directory.
CVE-2020-9032 has a severity rating of 6.5 out of 10, indicating a medium-severity vulnerability.
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices are vulnerable to CVE-2020-9032.
To mitigate CVE-2020-9032, it is recommended to apply the latest firmware updates provided by Microchip for the affected SyncServer devices.