Vulnerability Description
Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to arbitrary commands as root on the devices.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pyres | Termod4 Firmware | < 10.04k |
| Pyres | Termod4 | - |
References
- https://github.com/Outpost24/Pyrescom-Termod-PoCExploitThird Party Advisory
- https://outpost24.com/blog/multiple-vulnerabilities-discovered-in-Pyrescom-TermoExploitTechnical DescriptionThird Party Advisory
- https://pyres.com/en/solutions/termod-4/ProductVendor Advisory
- https://github.com/Outpost24/Pyrescom-Termod-PoCExploitThird Party Advisory
- https://outpost24.com/blog/multiple-vulnerabilities-discovered-in-Pyrescom-TermoExploitTechnical DescriptionThird Party Advisory
- https://pyres.com/en/solutions/termod-4/ProductVendor Advisory
FAQ
What is CVE-2020-23160?
CVE-2020-23160 is a vulnerability with a CVSS score of 8.8 (HIGH). Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to arbitrary commands as root on the devices.
How severe is CVE-2020-23160?
CVE-2020-23160 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-23160?
Check the references section above for vendor advisories and patch information. Affected products include: Pyres Termod4 Firmware, Pyres Termod4.