← back
CVE-2020-12487

Command Execution Vulnerability in ABE service

CVSS 7 HIGHEPSS 0.3%CWE-20
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 Dec 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege.
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Affected products
vivo · ABE

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.vivo.com/en/support/security-advisory-detail?id=4