CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-24548

Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform the attacker about closed ports.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.1%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

http://packetstormsecurity.com/files/158962/Ericom-Access-Server-9.2.0-Server-Side-Request-Forgery.html
https://www.youtube.com/watch?v=oDTd-yRxVJ0
http://packetstormsecurity.com/files/158962/Ericom-Access-Server-9.2.0-Server-Side-Request-Forgery.html
https://www.youtube.com/watch?v=oDTd-yRxVJ0

Products affected by CVE-2020-24548

Ericom » Access Server » Version: 9.2.0

cpe:2.3:a:ericom:access_server:9.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-24548

Products

Pricing

Contact Us