CVE Vulnerability

CVE-2020-14293

conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface).

8.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-025.txt Third Party Advisory
https://github.com/patrickhener/CVE-2020-14293 Third Party Advisory
https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata Exploit Third Party Advisory
https://www.secudos.de/en/news-en/domos-release-5-9 Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2020/Sep/51 Exploit Mailing List
Configurations

Configuration 1

cpe:2.3:a:secudos:domos:*:*:*:*:*:*:*:*
Information

Published : 2020-10-02 09:15

Updated : 2020-10-09 03:06

NVD link : CVE-2020-14293

Mitre link : CVE-2020-14293

Products Affected
No products.
CWE
CWE-78