Details of VAR-202009-0960

ID

VAR-202009-0960

CVE

CVE-2020-24034

TITLE

Sagemcom F@ST 5280 routers privilege escalation vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-53783

DESCRIPTION

Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values inside of the serialized session cookie, an attacker may alter the user value inside of this cookie, and assume the role and permissions of the user specified. By assuming the role of the user internal, which is inaccessible to end users by default, the attacker gains the permissions of the internal account, which includes the ability to flash custom firmware to the router, allowing the attacker to achieve a complete compromise. Sagemcom F@ST 5280 routers is a router product. Attackers can use vulnerabilities to gain access to internal accounts

Trust: 1.44

sources: NVD: CVE-2020-24034 // CNVD: CNVD-2020-53783

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-53783

AFFECTED PRODUCTS

vendor:	sagemcom	model:	f\@st 5280 router	scope:	eq	version:	1.150.61	Trust: 1.0
vendor:	sagemcom	model:	f@st routers	scope:	eq	version:	52801.150.61	Trust: 0.6

sources: CNVD: CNVD-2020-53783 // NVD: CVE-2020-24034

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-24034
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2020-53783
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202009-056
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-24034
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2020-53783
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-24034
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2020-53783 // CNNVD: CNNVD-202009-056 // NVD: CVE-2020-24034

PROBLEMTYPE DATA

problemtype:

CWE-502

Trust: 1.0

sources: NVD: CVE-2020-24034

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-056

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202009-056

PATCH

title:	Patch for Sagemcom F@ST 5280 routers privilege escalation vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/235483	Trust: 0.6
title:	Sagemcom F@ST 5280 routers Repair measures for deserialization vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127281	Trust: 0.6

sources: CNVD: CNVD-2020-53783 // CNNVD: CNNVD-202009-056

EXTERNAL IDS

db:	PACKETSTORM	id:	159026	Trust: 2.2
db:	NVD	id:	CVE-2020-24034	Trust: 2.2
db:	CNVD	id:	CNVD-2020-53783	Trust: 0.6
db:	CNNVD	id:	CNNVD-202009-056	Trust: 0.6

sources: CNVD: CNVD-2020-53783 // CNNVD: CNNVD-202009-056 // NVD: CVE-2020-24034

REFERENCES

url:	https://seclists.org/fulldisclosure/2020/sep/3	Trust: 3.2
url:	http://packetstormsecurity.com/files/159026/sagemcom-f-st-5280-privilege-escalation.html	Trust: 2.8
url:	https://support.sagemcom.com/fr/haut-debit	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-24034	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24034	Trust: 0.6

sources: CNVD: CNVD-2020-53783 // CNNVD: CNNVD-202009-056 // NVD: CVE-2020-24034

CREDITS

Ryan Delaney

Trust: 0.6

sources: CNNVD: CNNVD-202009-056

SOURCES

db:	CNVD	id:	CNVD-2020-53783
db:	CNNVD	id:	CNNVD-202009-056
db:	NVD	id:	CVE-2020-24034

LAST UPDATE DATE

2024-11-23T22:11:19.517000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-53783	date:	2020-09-24T00:00:00
db:	CNNVD	id:	CNNVD-202009-056	date:	2022-03-08T00:00:00
db:	NVD	id:	CVE-2020-24034	date:	2024-11-21T05:14:20.723

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-53783	date:	2020-09-24T00:00:00
db:	CNNVD	id:	CNNVD-202009-056	date:	2020-09-01T00:00:00
db:	NVD	id:	CVE-2020-24034	date:	2020-09-01T18:15:13.587