exploitDog

CVE-2020-13167

Опубликовано: 19 мая 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Критический

Описание

Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.

Ссылки

https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/
Exploit
Third Party Advisory
https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*

Версия до 6.4.3 (включая)

EPSS

Процентиль: 100%

0.93355

Критический

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-cq58-5c97-qv25

github

больше 3 лет назад

Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.

EPSS

Процентиль: 100%

0.93355

Критический

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78