CVE-2020-15329

Vulnerability

Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 have weak file permissions on the Data.fs file, which is the ZODB (Zope Object Database) storage file. This misconfiguration allows unauthenticated remote attackers to read and potentially write to the database, as the ZODB storage is exposed without authentication [1].

Exploitation

An attacker can connect to the exposed ZODB storage via the network without any authentication. By directly accessing the Data.fs file, the attacker can read or modify the entire database content. No prior access or user interaction is required [1].

Impact

Successful exploitation allows the attacker to retrieve sensitive configuration data stored in the ZODB database, including credentials and system settings. This can lead to a full compromise of the SecuManager appliance, resulting in information disclosure, privilege escalation, and potential lateral movement within the network [1].

Mitigation

As of the disclosure date (March 2020), no official patch was available. Users should restrict network access to the SecuManager appliance, ensure it is not exposed to the internet, and monitor for any signs of unauthorized access. Isolating the device on a trusted management network is recommended [1].