Lucene search

[email protected]CVE-2020-15922

HistoryJul 24, 2020 - 1:15 a.m.

CVE-2020-15922

2020-07-2401:15:12

CWE-78

[email protected]

web.nvd.nist.gov

cve

2020

15922

os command injection

mida eframework

remote code execution

rce

authentication required

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.6%

JSON

There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required.

Affected configurations

NVD

Node

midasolutionseframeworkRange≤2.9.0

CPENameOperatorVersion
midasolutions:eframeworkmidasolutions eframeworkle2.9.0

CPE	Name	Operator	Version
midasolutions:eframework	midasolutions eframework	le	2.9.0

References

packetstormsecurity.com/files/159314/Mida-eFramework-2.8.9-Remote-Code-Execution.html

elbae.github.io/jekyll/update/2020/07/14/vulns-01.html

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.6%

JSON

Related for CVE-2020-15922

nvd1 prion1 cvelist1 packetstorm1 exploitdb1