Lucene search

MitreCVE-2020-14293

HistoryOct 02, 2020 - 9:15 a.m.

CVE-2020-14293

2020-10-0209:15:13

CWE-78

mitre

web.nvd.nist.gov

secudos domos

cve-2020-14293

remote command execution

security vulnerability

nvd

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.03

Percentile

90.9%

JSON

conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface).

Affected configurations

Nvd

Node

secudosdomosRange≤5.8

VendorProductVersionCPE
secudosdomos*cpe:2.3:a:secudos:domos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
secudos	domos	*	cpe:2.3:a:secudos:domos::::::::

References

seclists.org/fulldisclosure/2020/Sep/51

github.com/patrickhener/CVE-2020-14293

www.secudos.de/en/news-en/domos-release-5-9

www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-025.txt

www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.03

Percentile

90.9%

JSON

Related for CVE-2020-14293