Login Sign Up

CVE-2020-14030

7.2 HIGH
Remote Code Execution Deserialization

📋 TL;DR

This vulnerability in Ozeki NG SMS Gateway allows attackers to achieve remote code execution by exploiting insecure .NET deserialization. Attackers can write malicious serialized files to the filesystem that the application will deserialize, executing arbitrary code. All users of Ozeki NG SMS Gateway through version 4.17.6 are affected.

💻 Affected Systems

Products:
  • Ozeki NG SMS Gateway
Versions: Through 4.17.6
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration when SMS messages are stored in .NET serialized format on filesystem.

📦 What is this software?

Ozeki Ng Sms Gateway by Ozeki

View all CVEs affecting Ozeki Ng Sms Gateway →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control over the server, allowing data theft, lateral movement, and persistent backdoor installation.

🟠

Likely Case

Attacker gains remote code execution with application-level privileges, potentially leading to SMS interception, data exfiltration, and further network compromise.

🟢

If Mitigated

With proper network segmentation and least privilege, impact limited to the SMS gateway application and its data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit requires ability to write files to the SMS storage directory, which may be accessible via various attack vectors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.17.7 or later

Vendor Advisory: http://www.ozeki.hu/index.php?owpn=231

Restart Required: Yes

Instructions:

1. Download latest version from Ozeki website. 2. Backup configuration and data. 3. Install update. 4. Restart service. 5. Verify functionality.

🔧 Temporary Workarounds

Restrict filesystem access

windows

Apply strict filesystem permissions to SMS storage directory to prevent unauthorized file writes.

icacls "C:\Program Files\Ozeki\OzekiNG SMS Gateway\Data" /deny Everyone:(W)

Network segmentation

all

Isolate SMS gateway from internet and restrict access to necessary network segments only.

🧯 If You Can't Patch

  • Implement strict filesystem permissions on SMS storage directory to prevent unauthorized writes
  • Deploy application-level firewall rules to restrict access to SMS gateway service

🔍 How to Verify

Check if Vulnerable:

Check installed version in application interface or registry: HKEY_LOCAL_MACHINE\SOFTWARE\Ozeki\OzekiNG SMS Gateway\Version

Check Version:

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Ozeki\OzekiNG SMS Gateway" /v Version

Verify Fix Applied:

Verify version is 4.17.7 or later and test SMS functionality remains operational.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file writes to SMS storage directory
  • Failed deserialization attempts in application logs
  • Unexpected process execution from SMS gateway context

Network Indicators:

  • Unusual outbound connections from SMS gateway server
  • SMS traffic anomalies

SIEM Query:

source="OzekiSMS" AND (event_type="deserialization_error" OR process_execution="powershell" OR process_execution="cmd")

📊 Metadata

CVE ID: CVE-2020-14030
CVSS v3 Score: 7.2 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-502
Published: September 30, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-14030, you might also want to check these:

CVE-2023-46604 10.0

CVE-2023-46604 is a critical remote code execution vulnerability in Apache ActiveMQ's Java OpenWire ...

Same vulnerability type (CWE-502)
CVE-2023-49772 10.0

This vulnerability allows unauthenticated attackers to execute arbitrary PHP code through deserializ...

Same vulnerability type (CWE-502)
CVE-2024-25100 10.0

This vulnerability allows unauthenticated attackers to inject malicious PHP objects via deserializat...

Same vulnerability type (CWE-502)