3 matches found
CVE-2020-17384
Affected product: Cellopoint CelloOS v4.1.10 Build 20190922. Root cause: improper validation of URL input, enabling remote command execution. Exploitation requires the attacker to possess the system administrator’s cookie, leading to arbitrary command execution on the system. CVSS data indicates ...
CVE-2020-17386
Cellopoint Cellos/CelloOS vulnerability CVE-2020-17386: improper validation of URL input allows an authenticated user to tamper with a URL parameter via cookies and access arbitrary files on the system (SSRF). Affected product/version: Cellopoint CelloOS/Cellos v4.1.10 Build 20190922. Impact indi...
CVE-2020-17385
Affected software: Cellopoint CelloOS v4.1.10 Build 20190922. Issue: improper validation of URL input enables a Path Traversal attack to access arbitrary files on the system (CVE-2020-17385). Severity: CVSSv3.1 base score 7.5 (HIGH); attack vector NETWORK, privileges NONE, no user interaction. Pu...