First published: Mon Feb 17 2020(Updated: )
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microchip Syncserver S100 Firmware | =2.90.70.3 | |
Microchip Syncserver S100 | ||
Microchip Syncserver S200 Firmware | =1.30 | |
Microchip Syncserver S200 | ||
Microchip Syncserver S250 Firmware | =1.25 | |
Microchip Syncserver S250 | ||
Microchip Syncserver S300 Firmware | =2.65.0 | |
Microchip Syncserver S300 | ||
Microchip Syncserver S350 Firmware | =2.80.1 | |
Microchip Syncserver S350 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-9033 is a vulnerability found in Symmetricom SyncServer S100, S200, S250, S300, and S350 devices that allows Directory Traversal.
CVE-2020-9033 allows an attacker to perform Directory Traversal via the FileName parameter to authlog.php on affected Symmetricom SyncServer devices.
CVE-2020-9033 has a severity rating of 6.5 (medium).
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices are affected by CVE-2020-9033.
To fix the CVE-2020-9033 vulnerability, it is recommended to update your Symmetricom SyncServer device firmware to a version that does not have the vulnerability.