Details of VAR-202102-0398

ID

VAR-202102-0398

CVE

CVE-2020-29031

TITLE

GateManager Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-011489

DESCRIPTION

An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c. GateManager Is vulnerable to injection.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Secomea GateManager is a remote access server product of Secomea, Denmark. The vulnerability stems from an insecure direct object reference vulnerability

Trust: 2.25

sources: NVD: CVE-2020-29031 // JVNDB: JVNDB-2020-011489 // CNVD: CNVD-2021-18029 // VULMON: CVE-2020-29031

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-18029

AFFECTED PRODUCTS

vendor:	secomea	model:	gatemanager 8250	scope:	lt	version:	9.2c	Trust: 1.0
vendor:	secomea	model:	gatemanager 4250	scope:	lt	version:	9.0i	Trust: 1.0
vendor:	secomea	model:	gatemanager 9250	scope:	lt	version:	9.0i	Trust: 1.0
vendor:	secomea	model:	gatemanager 4260	scope:	lt	version:	9.0i	Trust: 1.0
vendor:	b r industrial automation	model:	gatemanager 4250	scope:	-	version:	-	Trust: 0.8
vendor:	b r industrial automation	model:	gatemanager 4260	scope:	-	version:	-	Trust: 0.8
vendor:	b r industrial automation	model:	gatemanager 8250	scope:	-	version:	-	Trust: 0.8
vendor:	b r industrial automation	model:	gatemanager 9250	scope:	-	version:	-	Trust: 0.8
vendor:	secomea	model:	gatemanager <9.2c	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-18029 // JVNDB: JVNDB-2020-011489 // NVD: CVE-2020-29031

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-29031
value:	HIGH
Trust: 1.0
VulnerabilityReporting@secomea.com:	CVE-2020-29031
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-29031
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-18029
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202102-1185
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-29031
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-29031
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-18029
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-29031
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 1.0
VulnerabilityReporting@secomea.com:	CVE-2020-29031
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	4.2
version:	3.1
Trust: 1.0
NVD:	CVE-2020-29031
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-18029 // VULMON: CVE-2020-29031 // JVNDB: JVNDB-2020-011489 // CNNVD: CNNVD-202102-1185 // NVD: CVE-2020-29031 // NVD: CVE-2020-29031

PROBLEMTYPE DATA

problemtype:	CWE-280	Trust: 1.0
problemtype:	CWE-269	Trust: 1.0
problemtype:	Improper authority management (CWE-269) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-011489 // NVD: CVE-2020-29031

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-1185

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-1185

PATCH

title:	RD-2920	url:	https://www.secomea.com/support/cybersecurity-advisory/#2920	Trust: 0.8
title:	Patch for Secomea GateManager unsafe direct object reference vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/253286	Trust: 0.6
title:	Secomea GateManager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142400	Trust: 0.6

sources: CNVD: CNVD-2021-18029 // JVNDB: JVNDB-2020-011489 // CNNVD: CNNVD-202102-1185

EXTERNAL IDS

db:	NVD	id:	CVE-2020-29031	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-011489	Trust: 0.8
db:	CNVD	id:	CNVD-2021-18029	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-1185	Trust: 0.6
db:	VULMON	id:	CVE-2020-29031	Trust: 0.1

sources: CNVD: CNVD-2021-18029 // VULMON: CVE-2020-29031 // JVNDB: JVNDB-2020-011489 // CNNVD: CNNVD-202102-1185 // NVD: CVE-2020-29031

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-29031	Trust: 2.0
url:	https://www.secomea.com/support/cybersecurity-advisory/#2920	Trust: 1.7
url:	https://cwe.mitre.org/data/definitions/269.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-18029 // VULMON: CVE-2020-29031 // JVNDB: JVNDB-2020-011489 // CNNVD: CNNVD-202102-1185 // NVD: CVE-2020-29031

SOURCES

db:	CNVD	id:	CNVD-2021-18029
db:	VULMON	id:	CVE-2020-29031
db:	JVNDB	id:	JVNDB-2020-011489
db:	CNNVD	id:	CNNVD-202102-1185
db:	NVD	id:	CVE-2020-29031

LAST UPDATE DATE

2024-11-23T21:58:49.105000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-18029	date:	2021-03-16T00:00:00
db:	VULMON	id:	CVE-2020-29031	date:	2021-02-26T00:00:00
db:	JVNDB	id:	JVNDB-2020-011489	date:	2021-04-05T07:49:00
db:	CNNVD	id:	CNNVD-202102-1185	date:	2021-03-02T00:00:00
db:	NVD	id:	CVE-2020-29031	date:	2024-11-21T05:23:33.977

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-18029	date:	2021-03-16T00:00:00
db:	VULMON	id:	CVE-2020-29031	date:	2021-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-011489	date:	2021-04-05T00:00:00
db:	CNNVD	id:	CNNVD-202102-1185	date:	2021-02-15T00:00:00
db:	NVD	id:	CVE-2020-29031	date:	2021-02-15T16:15:14.857