CVE-2020-12282 - OpenCVE

iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.)

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gogogate	Ismartgate Pro Ismartgate Pro Firmware

Configuration 1 [-]

AND

cpe:2.3:o:gogogate:ismartgate_pro_firmware:1.5.9:*:*:*:*:*:*:*

cpe:2.3:h:gogogate:ismartgate_pro:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://ismartgate.com/secure-garage-door/
https://kth.diva-portal.org/smash/get/diva2:1464458/FULLTEXT01.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-09-24T15:10:45

Updated: 2024-08-04T11:48:58.465Z

Reserved: 2020-04-27T00:00:00

Link: CVE-2020-12282

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-09-24T16:15:13.567

Modified: 2020-09-27T22:27:02.003

Link: CVE-2020-12282

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.)"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-09-24T15:10:45", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ismartgate.com/secure-garage-door/"}, {"tags": ["x_refsource_MISC"], "url": "https://kth.diva-portal.org/smash/get/diva2:1464458/FULLTEXT01.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12282", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.)"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ismartgate.com/secure-garage-door/", "refsource": "MISC", "url": "https://ismartgate.com/secure-garage-door/"}, {"name": "https://kth.diva-portal.org/smash/get/diva2:1464458/FULLTEXT01.pdf", "refsource": "MISC", "url": "https://kth.diva-portal.org/smash/get/diva2:1464458/FULLTEXT01.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:48:58.465Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ismartgate.com/secure-garage-door/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://kth.diva-portal.org/smash/get/diva2:1464458/FULLTEXT01.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12282", "datePublished": "2020-09-24T15:10:45", "dateReserved": "2020-04-27T00:00:00", "dateUpdated": "2024-08-04T11:48:58.465Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gogogate:ismartgate_pro_firmware:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "02996601-731D-45DE-98EB-0349626B9985", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gogogate:ismartgate_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FCB6782-7395-4251-9E8E-EB681E46AFEF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.)"}, {"lang": "es", "value": "iSmartgate PRO versi\u00f3n 1.5.9, es vulnerable a un ataque de tipo CSRF por medio del par\u00e1metro busca en el formulario usado para buscar usuarios, accesible por medio del archivo /index.php. (Esto se puede combinar con un XSS reflejado)."}], "id": "CVE-2020-12282", "lastModified": "2020-09-27T22:27:02.003", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-24T16:15:13.567", "references": [{"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://ismartgate.com/secure-garage-door/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://kth.diva-portal.org/smash/get/diva2:1464458/FULLTEXT01.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}