Secure Computing SnapGear Management Console SG560 vulnerabilities
2 known vulnerabilities affecting secure_computing/snapgear_management_console_sg560.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2
Vulnerabilities
CVE-2020-36909 | P2 | HIGH | CVSS 8.8 | v3.1.5 | 2026-01-06
CWE-22
SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the edit_config_files CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/edit_config_files to access and modify files outside the intended /etc/config/ directory.
Source: NVD
CVE-2020-36908 | P3 | HIGH | CVSS 8.8 | v3.1.5 | 2026-01-06
CWE-352
SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full administrative privileges when a logged-in user visits t
Source: NVD