CVE-2020-24057

Published: Aug 21, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as 'root'.

Affected (1)

Products: Verint: S5120fd Firmware

1 product

S5120fd Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Verint S5120fd Firmware	Version verint_fw_0_42

Running on/with	Platform Versions
Verint S5120fd	All versions

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

https://ioac.tv/2Nbc40h

Source: cve@mitre.org

ExploitThird Party Advisory

https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/

Source: cve@mitre.org

Third Party Advisory

https://ioac.tv/2Nbc40h

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.