← back
CVE-2020-35851

HGiga MailSherlock - Command Injection

CVSS 8.1 HIGHEPSS 1.7%CWE-78
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.1EPSS 1.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
31 Dec 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
HGiga · MailSherlock MSR45/SSR45

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.twcert.org.tw/en/cp-139-4264-f10f4-2.html