CVE-2020-24548
MEDIUM
Ericom Access Server 9.2.0 - Server-Side Request Forgery via WebSocket Connection
Title source: llm
Description
Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform the attacker about closed ports.
References (2)
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/158962/Ericom-Access-Server-9.2.0-Server-Side-Request-Forgery.html
Exploit, Third Party Advisory x_refsource_misc
https://www.youtube.com/watch?v=oDTd-yRxVJ0
Scores
CVSS v3
5.3
EPSS
0.0169
EPSS Percentile
74.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-918
Status
published
Products (1)
ericom/access_server
9.2.0
Published
Aug 26, 2020
Tracked Since
Feb 18, 2026