CVE-2020-14021

2020-09-1817:19:39

mitre

www.cve.org

ozeki ng sms gateway

unauthorized access

source code

asp.net module

operating system

nt authority\system privileges

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

46.4%

JSON

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITY\SYSTEM privileges.

References

github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14021-Arbitrary%20File%20Read-Ozeki%20SMS%20Gateway

www.ozeki.hu/index.php?owpn=231

www.ozeki.hu/index.php?ow_page_number=1017&downloadaction=email&download_product_id=1&os=windows&dpath=%2Fattachments%2F702%2Finstallwindows_1590575794_OzekiNG-SMS-Gateway_4.17.6.zip&dname=Ozeki+NG+SMS+Gateway+v4.17.6&dsize=+%2817.8+MB%29&platform=Windows