PRIOn knowledge base: PRION:CVE-2020-7237
History: Jan 20, 2020 - 5:15 a.m.

Remote code execution

2020-01-20 05:15:00
PRIOn knowledge base
www.prio-n.com

AI Score: 8.8 High (Confidence: High)
EPSS: 0.035 Low (Percentile: 91.6%)

Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.

CPE
Name   Operator  Version
cacti  eq        1.2.8
