← back
CVE-2020-7849

UPRISM CURIX arbitrary code execution vulnerability

CVSS 8 HIGHEPSS 1.3%CWE-20
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8EPSS 1.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 Feb 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →