Lucene search

[email protected]CVE-2020-23160

HistoryJan 26, 2021 - 6:15 p.m.

CVE-2020-23160

2021-01-2618:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2020-23160

pyrescom

termod4

time management

remote code execution

nvd

security vulnerability

root access

authenticated attackers

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.062 Low

EPSS

Percentile

93.5%

JSON

Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to arbitrary commands as root on the devices.

CPENameOperatorVersion
pyres:termod4_firmwarepyres termod4 firmwarelt10.04k

CPE	Name	Operator	Version
pyres:termod4_firmware	pyres termod4 firmware	lt	10.04k

References

github.com/Outpost24/Pyrescom-Termod-PoC

outpost24.com/blog/multiple-vulnerabilities-discovered-in-Pyrescom-Termod4-smart-device

pyres.com/en/solutions/termod-4/

Social References

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.062 Low

EPSS

Percentile

93.5%

JSON

Related for CVE-2020-23160

prion1 checkpoint_advisories1 githubexploit1