CVE-2020-5847


CVSS 9.8 CRITICAL · EPSS 95.8% · KEV
Vexday Risk Score: 100 (Fix now)
SSVC decision (CISA): Act
Exploitation + impact → act immediately
CVSS 9.8 · EPSS 95.8% · KEV: yes · Public PoC · Nuclei: yes · Metasploit: yes · Patch
Lifecycle
10 Feb 2020: Metasploit module available
16 Mar 2020: Published on NVD
20 Apr 2020: Public PoC
03 Nov 2021: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

Unraid versions up to 6.8.0 have a critical flaw that allows attackers to run malicious code remotely on the system without any authentication required. This means someone from the internet could take complete control of your Unraid server.

Technical detail

CVE-2020-5847 is a remote code execution vulnerability in Unraid ≤6.8.0 that permits unauthenticated remote attackers to execute arbitrary code on the affected system. The vulnerability requires network access but no prior authentication or user interaction, resulting in complete system compromise.

Summary generated and translated by AI from the official description.
Unraid through 6.8.0 allows Remote Code Execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
