CVE Vulnerability

CVE-2020-11733

An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as appliance admin configuration source code. This affects Spirent TestCenter and Avalanche products which chassis version <= 5.08. The SSH restricted shell is available with default credentials.

9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

6.7 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/a05110511t/CVE/blob/master/CVE-2020-11733.md Third Party Advisory
https://gist.github.com/a05110511t/65d07bc776d7c11b4ccf112a09cca4ab Third Party Advisory
Configurations

Configuration 1
Information

Published : 2020-08-13 02:15

Updated : 2021-07-21 11:39

NVD link : CVE-2020-11733

Mitre link : CVE-2020-11733

Products Affected
No products.
CWE
CWE-78