CVE-2020-11698

Опубликовано: 17 сент. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Высокий

Описание

An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server.

Ссылки

http://packetstormsecurity.com/files/159470/SpamTitan-7.07-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/160809/SpamTitan-7.07-Command-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/felmoltor
Third Party Advisory
https://sensepost.com/blog/2020/clash-of-the-spamtitan/
Exploit
Third Party Advisory
https://twitter.com/felmoltor
Third Party Advisory
https://www.spamtitan.com/
Vendor Advisory
http://packetstormsecurity.com/files/159470/SpamTitan-7.07-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/160809/SpamTitan-7.07-Command-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/felmoltor
Third Party Advisory
https://sensepost.com/blog/2020/clash-of-the-spamtitan/
Exploit
Third Party Advisory
https://twitter.com/felmoltor
Third Party Advisory
https://www.spamtitan.com/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:titanhq:spamtitan:7.07:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.83123

Высокий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-g8jr-rhv6-h7cj