CVE-2020-36529

SevOne Network Management System Traceroute traceroute.php command injection

CVSS 8.8 HIGHEPSS 3.9%CWE-77

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.8EPSS 3.9%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

03 jun 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

SevOne · Network Management System

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://seclists.org/fulldisclosure/2020/Oct/5 https://vuldb.com/?id.162261