exploitDog

CVE-2020-12620

Опубликовано: 30 июл. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection (shell metacharacters after an IP address).

Ссылки

https://0xpanic.github.io/2020/07/21/Pihole.html
Exploit
Third Party Advisory
https://github.com/pi-hole/pi-hole
Third Party Advisory
https://pi-hole.net/
Vendor Advisory
https://0xpanic.github.io/2020/07/21/Pihole.html
Exploit
Third Party Advisory
https://github.com/pi-hole/pi-hole
Third Party Advisory
https://pi-hole.net/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pi-hole:pi-hole:*:*:*:*:*:*:*:*

Версия до 5.0 (исключая)

EPSS

Процентиль: 68%

0.00563

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-6m9c-h626-jp3r

github

больше 3 лет назад

Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection (shell metacharacters after an IP address).

EPSS

Процентиль: 68%

0.00563

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-78