CVE-2020-8654
CVE-2020-8654
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 85.6%KEV nãoPoC públicaNuclei simMetasploit simPatch —
Lifecycle
06 Feb 2020Metasploit module available
06 Feb 2020Published on NVD
07 Feb 2020Public PoC
Weaponization speed
same dayto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field.
Affected products
n/a · n/apublic PoCs found — 4
cve_referencepacketstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48169unverifiedexploitdbwww.exploit-db.com/exploits/48025unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.