nvd-json-data-feeds/CVE-2020/CVE-2020-87xx/CVE-2020-8797.json

{
  "id": "CVE-2020-8797",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-04-23T18:15:11.903",
  "lastModified": "2021-07-21T11:39:23.747",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network."
    },
    {
      "lang": "es",
      "value": "Juplink RX4-1500 versi\u00f3n v1.0.3, permite a atacantes remotos conseguir acceso root al subsistema Linux por medio de una llamada ejecutiva no saneada (tambi\u00e9n se conoce como Inyecci\u00f3n de L\u00ednea de Comando), si el servicio telnetd no documentado est\u00e1 habilitado y el atacante puede autenticarse como un administrador desde la red local."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "accessVector": "LOCAL",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8269D90-271D-479A-AD3B-B376E060C344"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:juplink:rx4-1500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D46885D-045C-476A-AADE-7045A5F9046A"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://cerne.xyz/bugs/CVE-2020-8797.html",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}