Vulnerability Description
The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as 'root'.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Verint | S5120FD Firmware | verint_fw_0_42 |
| Verint | S5120FD | - |
References
- https://ioac.tv/2Nbc40h (Exploit, Third Party Advisory)
- https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/ (Third Party Advisory)
FAQ
What is CVE-2020-24057?
CVE-2020-24057 is a vulnerability with a CVSS score of 8.8 (HIGH). The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a...
How severe is CVE-2020-24057?
CVE-2020-24057 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-24057?
Check the references section above for vendor advisories and patch information. Affected products include: Verint S5120FD Firmware, Verint S5120FD.