CVE-2018-20162

Опубликовано: 21 мар. 2019

Источник: nvd

CVSS3: 9.9

CVSS2: 9

EPSS Низкий

Описание

Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root.

Ссылки

http://packetstormsecurity.com/files/151719/Digi-TransPort-LR54-Restricted-Shell-Escape.html
Exploit
Third Party Advisory
VDB Entry
https://blog.hackeriet.no/cve-2018-20162-digi-lr54-restricted-shell-escape/
https://seclists.org/bugtraq/2019/Feb/34
Exploit
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/151719/Digi-TransPort-LR54-Restricted-Shell-Escape.html
Exploit
Third Party Advisory
VDB Entry
https://blog.hackeriet.no/cve-2018-20162-digi-lr54-restricted-shell-escape/
https://seclists.org/bugtraq/2019/Feb/34
Exploit
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:digi:transport_lr54_firmware:*:*:*:*:*:*:*:*

Версия до 4.4.0.26 (исключая)

cpe:2.3:h:digi:transport_lr54:-:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04506

Низкий

9.9 Critical

CVSS3

9 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-qqq3-6v7x-728w