CVE-2020-10569

Published: Apr 21, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may be a duplicate of CVE-2020-1938

Affected (1)

Products: Sysaid: On Premise

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sysaid On Premise	Version 20.1.11

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

http://packetstormsecurity.com/files/157314/Sysaid-20.1.11-b26-Remote-Command-Execution.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.sysaid.com/product/on-premise/20-2/release-notes

Source: cve@mitre.org

Release NotesVendor Advisory

http://packetstormsecurity.com/files/157314/Sysaid-20.1.11-b26-Remote-Command-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.sysaid.com/product/on-premise/20-2/release-notes

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.