Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file".

🗓️ 25 Oct 2020 00:00:00Reported by MicrosoftType 
mscve
 mscve🔗 msrc.microsoft.com👁 2 Views

Busybox wget has missing SSL validation enabling arbitrary code execution when downloading HTTPS.

Related
Detection
ReporterTitlePublishedViews
Family
AlpineLinux		CVE-2018-1000500
26 Jun 201816:00
alpinelinux
AstraLinux		 Astra Linux - уязвимость в busybox
20 May 202605:53
astralinux
Information Security Automation		Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
30 Dec 202218:03
avleonov
BDU FSTEC		The vulnerability of the busybox wget component in the UNIX command-line utilities of BusyBox allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.
14 Sep 202200:00
bdu_fstec
CBLMariner		CVE-2018-1000500 affecting package busybox 1.31.1-3
6 Apr 202123:50
cbl_mariner
Cloud Foundry		USN-4531-1: BusyBox vulnerability | Cloud Foundry
19 Nov 202000:00
cloudfoundry
CNVD		Busybox Code Execution Vulnerability
28 Jun 201800:00
cnvd
CVE		CVE-2018-1000500
26 Jun 201816:00
cve
Cvelist		CVE-2018-1000500
26 Jun 201816:00
cvelist
Debian CVE		CVE-2018-1000500
26 Jun 201816:00
debiancve
Rows per page
Vulners
Node
microsoftcm1_busybox_1.32.0-2Range<1.32.0-2

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
25 Oct 2020 00:00Current
8.8High risk
Vulners AI Score8.8
CVSS 26.8
CVSS 3.16.5 - 8.1
EPSS0.00409
SSVC
busyboxwget appletmissing certificate validationarbitrary code executionhttps download
2