admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-89xx/CVE-2020-8949.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

244 lines
7.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-8949",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-02-12T19:15:14.217",
"lastModified": "2024-11-21T05:39:43.493",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the cgi-bin/webui/admin/tools/app_ping/diag_ping/; substring."
},
{
"lang": "es",
"value": "Los dispositivos Gocloud S2A_WL versi\u00f3n 4.2.7.16471, S2A versi\u00f3n 4.2.7.17278, S2A versi\u00f3n 4.3.0.15815, S2A versi\u00f3n 4.3.0.17193, S3A K2P MTK versi\u00f3n 4.2.7.16528, S3A versi\u00f3n 4.3.0.16572 e ISP3000 versi\u00f3n 4.3.0.17190, permiten a atacantes remotos ejecutar comandos arbitrarios de Sistema Operativo por medio de metacaracteres de shell en una operaci\u00f3n de ping, como es demostrado por la subcadena cgi-bin/webui/admin/tools/app_ping/diag_ping/;."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"baseScore": 9.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gocloud:s2a_wl_firmware:4.2.7.16471:*:*:*:*:*:*:*",
"matchCriteriaId": "C878CC90-6EBE-4EC2-975A-17D05AC48FB6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gocloud:s2a_wl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57294A77-FB20-4A70-A80D-21E6A7A1ACC5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gocloud:s2a_firmware:4.2.7.17278:*:*:*:*:*:*:*",
"matchCriteriaId": "B447F2A6-1CCF-4DA6-AEEA-698B5E93A5F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gocloud:s2a_firmware:4.3.0.15815:*:*:*:*:*:*:*",
"matchCriteriaId": "366F8134-90E7-4F45-827A-55B47EF39C4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gocloud:s2a_firmware:4.3.0.17193:*:*:*:*:*:*:*",
"matchCriteriaId": "6F12429A-770C-4531-984A-9A1CC5B1B7CD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gocloud:s2a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E7680F-A410-426F-8B52-4075CAE9784E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gocloud:s3a_k2p_mtk_firmware:4.2.7.16528:*:*:*:*:*:*:*",
"matchCriteriaId": "213A878A-766A-4FA6-9330-2D187575639D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gocloud:s3a_k2p_mtk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC97450-9CEA-4007-8319-C4FF88DFD173"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gocloud:s3a_firmware:4.3.0.16572:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6FC872-A9F6-46B7-A12E-3806378F199E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gocloud:s3a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA7B3E2-F96A-4272-A430-B1286ECF29FA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gocloud:isp3000_firmware:4.3.0.17190:*:*:*:*:*:*:*",
"matchCriteriaId": "FF715421-8FA8-4792-8081-4889B4E63029"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gocloud:isp3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "465CE426-F9EF-4879-91E0-4F3E4684BF1C"
}
]
}
]
}
],
"references": [
{
"url": "https://sku11army.blogspot.com/2020/02/gocloud-rce-in-gocloud-routers.html",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://sku11army.blogspot.com/2020/02/gocloud-rce-in-gocloud-routers.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink