Vulnerability Description
conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface).
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Secudos | Domos | <= 5.8 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2020/Sep/51ExploitMailing ListThird Party Advisory
- https://github.com/patrickhener/CVE-2020-14293Third Party Advisory
- https://www.secudos.de/en/news-en/domos-release-5-9Release NotesVendor Advisory
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-025.tThird Party Advisory
- https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachsteExploitThird Party Advisory
- http://seclists.org/fulldisclosure/2020/Sep/51ExploitMailing ListThird Party Advisory
- https://github.com/patrickhener/CVE-2020-14293Third Party Advisory
- https://www.secudos.de/en/news-en/domos-release-5-9Release NotesVendor Advisory
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-025.tThird Party Advisory
- https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachsteExploitThird Party Advisory
FAQ
What is CVE-2020-14293?
CVE-2020-14293 is a vulnerability with a CVSS score of 7.5 (HIGH). conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface).
How severe is CVE-2020-14293?
CVE-2020-14293 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-14293?
Check the references section above for vendor advisories and patch information. Affected products include: Secudos Domos.