CVE-2020-14293

Опубликовано: 02 окт. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 8.5

EPSS Средний

Описание

conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface).

Ссылки

http://seclists.org/fulldisclosure/2020/Sep/51
Exploit
Mailing List
Third Party Advisory
https://github.com/patrickhener/CVE-2020-14293
Third Party Advisory
https://www.secudos.de/en/news-en/domos-release-5-9
Release Notes
Vendor Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-025.txt
Third Party Advisory
https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata
Exploit
Third Party Advisory
http://seclists.org/fulldisclosure/2020/Sep/51
Exploit
Mailing List
Third Party Advisory
https://github.com/patrickhener/CVE-2020-14293
Third Party Advisory
https://www.secudos.de/en/news-en/domos-release-5-9
Release Notes
Vendor Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-025.txt
Third Party Advisory
https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:secudos:domos:*:*:*:*:*:*:*:*

Версия до 5.8 (включая)

EPSS

Процентиль: 96%

0.28802

Средний

7.5 High

CVSS3

8.5 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-fmjp-4h8h-4q4c

github

больше 3 лет назад