CVE-2020-29023
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/02/2021
Last modified:
26/02/2021
Description
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3.
Impact
Base Score 3.x
3.50
Severity 3.x
LOW
Base Score 2.0
4.90
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:secomea:gatemanager_4250_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:secomea:gatemanager_4250:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:secomea:gatemanager_4260_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:secomea:gatemanager_4260:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:secomea:gatemanager_9250_firmware:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:secomea:gatemanager_9250:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:secomea:gatemanager_8250_firmware:*:*:*:*:*:*:*:* | 9.3 (excluding) | |
| cpe:2.3:h:secomea:gatemanager_8250:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page