Lucene search

GoogleOSV:CVE-2020-7209

HistoryFeb 13, 2020 - 12:15 a.m.

CVE-2020-7209

2020-02-1300:15:11

Google

osv.dev

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.972 High

EPSS

Percentile

99.8%

JSON

LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.

CPENameOperatorVersion
linuxkieq5.9-1
linuxkieq6.0-1
linuxkieq5.6-1
linuxkieq5.7-1
linuxkieq5.10-1
linuxkieq5.5-1
linuxkieq5.8-1
linuxkieq5.4-2
linuxkieq5.4-1
linuxkieq5.10-2

Name	Operator	Version
linuxki	eq	5.9-1
linuxki	eq	6.0-1
linuxki	eq	5.6-1
linuxki	eq	5.7-1
linuxki	eq	5.10-1
linuxki	eq	5.5-1
linuxki	eq	5.8-1
linuxki	eq	5.4-2
linuxki	eq	5.4-1
linuxki	eq	5.10-2

References

packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html

packetstormsecurity.com/files/158025/LinuxKI-Toolset-6.01-Remote-Command-Execution.html

github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.972 High

EPSS

Percentile

99.8%

JSON

Related for OSV:CVE-2020-7209