Description
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command.
References
- Not Applicable
- Third Party Advisory
- Not Applicable
Vulnerable configurations
Configuration 1: version up to and including 1.0.20.23
Simultaneously
cpe:2.3:o:grandstream:ucm6202_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:ucm6202:-:*:*:*:*:*:*:*
Configuration 2: version up to and including 1.0.20.23
Simultaneously
cpe:2.3:o:grandstream:ucm6204_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:ucm6204:-:*:*:*:*:*:*:*
Configuration 3: version up to and including 1.0.20.23
Simultaneously
cpe:2.3:o:grandstream:ucm6208_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:ucm6208:-:*:*:*:*:*:*:*
EPSS: 0.08108 (Low), percentile: 92%
CVSS3: 9.8 Critical
CVSS2: 10 Critical
Weaknesses
CWE-78
Related vulnerabilities
github
more than 3 years ago
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command.