CVE-2020-11420
Published Apr 27, 2020
Last updated 3 years ago
Overview
- Description
- UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker with Admin or Engineer login credentials could exploit the vulnerability by manipulating variables that reference files and by doing this achieve access to files and directories outside the web root folder. An attacker may access arbitrary files and directories stored in the file system, but integrity of the files are not jeopardized as attacker have read access rights only.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:cs141_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "467676DC-B458-4286-AA67-7543EA326107",
"versionEndIncluding": "1.88",
"versionStartIncluding": "1.66"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:cs141:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0CD427DB-78E2-4684-A94B-2ABA5F005E93"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:generex:cs141_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22DFAEB4-EE2A-41AC-B6AE-991DAC7C0687",
"versionEndExcluding": "1.90"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:generex:cs141:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "EE00F7F0-4011-4F62-9E11-1BBDDCE4F46B"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]