CVE-2020-11467

Published: Apr 1, 2020Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Deskpro before 2019.8.0. This product enables administrators to modify the helpdesk interface by editing /portal/api/style/edit-theme-set/template-sources theme templates, and uses TWIG as its template engine. While direct access to self and _self variables was not permitted, one could abuse the accessible variables in one's context to reach a native unserialize function via the code parameter. There, on could pass a crafted payload to trigger a set of POP gadgets in order to achieve remote code execution.

Affected (1)

Products: Deskpro: Deskpro

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Deskpro Deskpro	Before 2019.8.0

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (6)

https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro/

Source: cve@mitre.org

ExploitThird Party Advisory

https://support.deskpro.com/en/news/posts/deskpro-security-update-2019-09

Source: cve@mitre.org

Release NotesVendor Advisory

https://support.deskpro.com/en/news/posts/deskpro-v2019-8-0-released-security-update

Source: cve@mitre.org

Release NotesVendor Advisory

https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://support.deskpro.com/en/news/posts/deskpro-security-update-2019-09

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.deskpro.com/en/news/posts/deskpro-v2019-8-0-released-security-update

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.