Multiple vulnerabilities in Secomea GateManager



Published: 2020-07-29
Risk High
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2020-14500
CVE-2020-14508
CVE-2020-14510
CVE-2020-14512
CWE-ID CWE-158
CWE-193
CWE-798
CWE-916
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
GateManager
Server applications / Remote access servers, VPN

Vendor Secomea

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Improper Neutralization of Null Byte or NUL Character

EUVDB-ID: #VU32887

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14500

CWE-ID: CWE-158 - Improper Neutralization of Null Byte or NUL Character

Exploit availability: No

Description

The vulnerability allows a remote attacker to overwrite arbitrary data.

The vulnerability exists due to the affected software does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component. A remote attacker can send a negative value and overwrite arbitrary data on the target system. 

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GateManager: 9.2b

External links

http://ics-cert.us-cert.gov/advisories/icsa-20-210-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Off-by-one

EUVDB-ID: #VU32888

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14508

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an off-by-one error. A remote attacker can trigger an off-by-one error and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GateManager: 9.2b

External links

http://ics-cert.us-cert.gov/advisories/icsa-20-210-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of hard-coded credentials

EUVDB-ID: #VU32889

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14510

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials in application code. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GateManager: 9.2b

External links

http://ics-cert.us-cert.gov/advisories/icsa-20-210-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use of Password Hash With Insufficient Computational Effort

EUVDB-ID: #VU32890

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14512

CWE-ID: CWE-916 - Use of Password Hash With Insufficient Computational Effort

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected product uses a weak hash type. A remote attacker can view user passwords.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GateManager: 9.2b

External links

http://ics-cert.us-cert.gov/advisories/icsa-20-210-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###