Lucene search

K

MitreCVELIST:CVE-2020-7237

HistoryJan 20, 2020 - 4:06 a.m.

CVE-2020-7237

2020-01-2004:06:41

mitre

www.cve.org

8.8 High

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.6%

Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.

References

lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html

lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html

lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html

lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html

ctrsec.io/index.php/2020/01/25/cve-2020-7237-remote-code-execution-in-cacti-rrdtool/

github.com/Cacti/cacti/issues/3201

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SUSOTOIEJKD2IWJHN7TY56TDZJQZJUVJ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XLZAMGTW2OSIBLYLXWHQBGWP7M4DTRS7/

security.gentoo.org/glsa/202003-40

8.8 High

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.6%

Related for CVELIST:CVE-2020-7237

alpinelinux1 cve1 ubuntucve1 osv1 nvd1 prion1 debiancve1 nessus6 fedora7 openvas11 freebsd1 gentoo1 suse4