CVE-2020-19678

Published Apr 6, 2023

Last updated 3 months ago

CVSS high 7.5

Overview

Description: Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-22
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oisf:suricata:1.4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A0C77AB-2ED7-4BE6-8E83-20CDEE6592D6"
          },
          {
            "criteria": "cpe:2.3:a:pfsense:pfsense:2.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E427DF08-7EE5-406A-BB5D-3635797C5B92"
          },
          {
            "criteria": "cpe:2.3:a:pfsense:suricata_package:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78558C4B-83C7-4C3D-B9A9-83531691EF41"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References