Lucene search

MitreCVE-2020-11491

HistoryApr 02, 2020 - 2:15 p.m.

CVE-2020-11491

2020-04-0214:15:15

CWE-22

mitre

web.nvd.nist.gov

cve-2020-11491

zen load balancer

path traversal

security vulnerability

nvd

absolute path traversal

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.9

Confidence

High

EPSS

0.004

Percentile

73.8%

JSON

Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi.

Affected configurations

Nvd

Node

zevenetzen_load_balancerMatch3.10.1

VendorProductVersionCPE
zevenetzen_load_balancer3.10.1cpe:2.3:a:zevenet:zen_load_balancer:3.10.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zevenet	zen_load_balancer	3.10.1	cpe:2.3:a:zevenet:zen_load_balancer:3.10.1:::::::*

References

code610.blogspot.com/2020/03/pentesting-zen-load-balancer-quick.html

github.com/c610/tmp/blob/master/zenload4patreons.zip

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.9

Confidence

High

EPSS

0.004

Percentile

73.8%

JSON

Related for CVE-2020-11491