← voltar
CVE-2020-5757

CVE-2020-5757

EPSS 6.9%CWE-78
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 6.9%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
17 jul 2020Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API.
Produtos afetados
n/a · Grandstream UCM6200 Series

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.tenable.com/security/research/tra-2020-42