CVE-2020-9034

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
microchipsyncserver_s100_firmware
2.90.70.3
microchipsyncserver_s200_firmware
1.30
microchipsyncserver_s250_firmware
1.25
microchipsyncserver_s300_firmware
2.65.0
microchipsyncserver_s350_firmware
2.80.1
𝑥
= Vulnerable software versions
References
https://sku11army.blogspot.com/2020/01/symmetricom-syncserver_27.html
https://sku11army.blogspot.com/2020/01/symmetricom-syncserver_27.html