Lucene search

[email protected]CVE-2020-35769

HistoryDec 29, 2020 - 6:15 a.m.

CVE-2020-35769

2020-12-2906:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2020-35769

webmin

windows

cgi

query arguments

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.5%

JSON

miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.

CPENameOperatorVersion
webmin:webminwebmineq1.962

CPE	Name	Operator	Version
webmin:webmin	webmin	eq	1.962

References

github.com/webmin/webmin/commit/1163f3a7f418f249af64890f4636575e687e9de7#diff-9b33fd8f5603d4f0d1428689bc36f24af4770608a22c0d92b7a8bcc522450dc6

vigilance.fr/vulnerability/Webmin-code-execution-via-miniserv-pl-handle-request-34220

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.5%

JSON

Related for CVE-2020-35769

cvelist1 openvas1 osv1 prion1 nessus1