Lucene search

[email protected]CVE-2020-10583

HistoryMar 25, 2021 - 8:15 p.m.

CVE-2020-10583

2021-03-2520:15:12

CWE-78

[email protected]

web.nvd.nist.gov

invigo

adm

cve-2020-10583

os command execution

remote attack

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.2%

JSON

The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application.

Affected configurations

NVD

Node

invigoautomatic_device_managementRange≤5.0

CPENameOperatorVersion
invigo:automatic_device_managementinvigo automatic device managementle5.0

CPE	Name	Operator	Version
invigo:automatic_device_management	invigo automatic device management	le	5.0

References

www.on-x.com/sites/default/files/security_advisory_-_multiple_vulnerabilities_-_invigo_adm.pdf

Social References

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.2%

JSON

Related for CVE-2020-10583

prion1 checkpoint_advisories1 cvelist1 nvd1