ZyXEL CloudCNM SecuManager 3.1.0/3.1.1 Data.fs permission

Summaryinfo

A vulnerability marked as critical has been reported in ZyXEL CloudCNM SecuManager 3.1.0/3.1.1. Affected by this vulnerability is an unknown functionality of the file Data.fs. The manipulation leads to permission. This vulnerability is traded as CVE-2020-15329. There is no exploit available.

Detailsinfo

A vulnerability was found in ZyXEL CloudCNM SecuManager 3.1.0/3.1.1 (Cloud Software) and classified as critical. This issue affects an unknown code of the file Data.fs. The manipulation with an unknown input leads to a permission vulnerability. Using CWE to declare the problem leads to CWE-275. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.

The weakness was shared 09/29/2022. It is possible to read the advisory at pierrekim.github.io. The identification of this vulnerability is CVE-2020-15329 since 06/26/2020. Technical details of the vulnerability are known, but there is no available exploit. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 10/25/2022). The attack technique deployed by this issue is T1222 according to MITRE ATT&CK.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Type

• Cloud Software

Vendor

• ZyXEL

Name

• CloudCNM SecuManager

Version

• 3.1.0
• 3.1.1

License

• commercial

Website

• Vendor: https://www.zyxel.com/

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion