Multiple vulnerabilities in Secomea GateManager



Published: 2021-02-23
Risk Medium
Patch available YES
Number of vulnerabilities 4
CVE ID CVE-2020-29024
CVE-2020-29021
CVE-2020-29023
CVE-2020-29022
CWE ID CWE-79
CWE-94
CWE-345
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
GateManager
Server applications / Remote access servers, VPN

Vendor

Security Advisory

1) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Risk: Medium

CVSSv3: 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-29024

CWE-ID: -

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to missing HttpOnly and Secure flags on GoToAppliance. A remote attacker can gain access to sensitive cookies.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GateManager: before 9.3

CPE External links

https://www.secomea.com/support/cybersecurity-advisory/#2418

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cross-site scripting

Risk: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-29021

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in web UI. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

GateManager: before 9.3

CPE External links

https://www.secomea.com/support/cybersecurity-advisory/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Code Injection

Risk: Low

CVSSv3: 3.1 [CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-29023

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to inject arbitrary code into CSV files.

The vulnerability exists due to improper fields escaping. A remote administrator can inject arbitrary code into a CSV file.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GateManager: before 9.3

CPE External links

https://www.secomea.com/support/cybersecurity-advisory/
https://www.secomea.com/support/cybersecurity-advisory/#2418

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Insufficient verification of data authenticity

Risk: Medium

CVSSv3: 5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-29022

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the failure to sanitize host header value on output. A remote attacker can conduct web cache poisoning attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GateManager: before 9.3

CPE External links

https://www.secomea.com/support/cybersecurity-advisory/#2923

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###