CVE Vulnerability

CVE-2020-24034

Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values inside of the serialized session cookie, an attacker may alter the user value inside of this cookie, and assume the role and permissions of the user specified. By assuming the role of the user internal, which is inaccessible to end users by default, the attacker gains the permissions of the internal account, which includes the ability to flash custom firmware to the router, allowing the attacker to achieve a complete compromise.

9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.sagemcom.com/fr/haut-debit Vendor Advisory
https://seclists.org/fulldisclosure/2020/Sep/3 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2020/Sep/3 Mailing List Third Party Advisory
http://packetstormsecurity.com/files/159026/Sagemcom-F-ST-5280-Privilege-Escalation.html Exploit Third Party Advisory
Configurations

Configuration 1
Information

Published : 2020-09-01 06:15

Updated : 2020-09-11 02:36

NVD link : CVE-2020-24034

Mitre link : CVE-2020-24034

Products Affected
No products.
CWE
CWE-502

Deserialization of Untrusted Data