CVE-2020-14031 - OpenCVE

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the system and/or files that have special security attributes (e.g., Windows Defender files).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ozeki	Ozeki Ng Sms Gateway

Configuration 1 [-]

cpe:2.3:a:ozeki:ozeki_ng_sms_gateway:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.ozeki.hu/index.php?owpn=231
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14031-Arbitary%20File%20Delete-Ozeki%20SMS%20Gateway

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-09-22T17:19:05

Updated: 2024-08-04T12:32:14.703Z

Reserved: 2020-06-11T00:00:00

Link: CVE-2020-14031

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-09-22T18:15:23.903

Modified: 2020-09-26T02:30:58.723

Link: CVE-2020-14031

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\\SYSTEM, the only files that will not be deleted are those currently being run by the system and/or files that have special security attributes (e.g., Windows Defender files)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-09-22T17:19:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.ozeki.hu/index.php?owpn=231"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14031-Arbitary%20File%20Delete-Ozeki%20SMS%20Gateway"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14031", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\\SYSTEM, the only files that will not be deleted are those currently being run by the system and/or files that have special security attributes (e.g., Windows Defender files)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.ozeki.hu/index.php?owpn=231", "refsource": "MISC", "url": "http://www.ozeki.hu/index.php?owpn=231"}, {"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14031-Arbitary%20File%20Delete-Ozeki%20SMS%20Gateway", "refsource": "MISC", "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14031-Arbitary%20File%20Delete-Ozeki%20SMS%20Gateway"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:32:14.703Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ozeki.hu/index.php?owpn=231"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14031-Arbitary%20File%20Delete-Ozeki%20SMS%20Gateway"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14031", "datePublished": "2020-09-22T17:19:05", "dateReserved": "2020-06-11T00:00:00", "dateUpdated": "2024-08-04T12:32:14.703Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ozeki:ozeki_ng_sms_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD2367CD-8681-42A5-99CF-4FEC7CAFFA35", "versionEndIncluding": "4.17.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\\SYSTEM, the only files that will not be deleted are those currently being run by the system and/or files that have special security attributes (e.g., Windows Defender files)."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Ozeki NG SMS Gateway versiones hasta 4.17.6. La funcionalidad outbox del m\u00f3dulo TXT File puede ser usada para eliminar todos o la mayor\u00eda de los archivos de una carpeta. Debido a que el producto normalmente se ejecuta como NT AUTHORITY\\SYSTEM, los \u00fanicos archivos que no ser\u00e1n eliminados son aquellos que actualmente est\u00e1n siendo ejecutados por el sistema y/o los archivos que contienen atributos de seguridad especiales (por ejemplo, archivos de Windows Defender)"}], "id": "CVE-2020-14031", "lastModified": "2020-09-26T02:30:58.723", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-22T18:15:23.903", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ozeki.hu/index.php?owpn=231"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14031-Arbitary%20File%20Delete-Ozeki%20SMS%20Gateway"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}