Vulnerability Description
An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eyesofnetwork | Eyesofnetwork | >= 5.3, <= 5.3-8 |
Related Weaknesses (CWE)
References
- http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.isoPatchProductVendor Advisory
- https://github.com/EyesOfNetworkCommunity/eonweb/issues/76Third Party Advisory
- https://www.eyesofnetwork.com/enProduct
- http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.isoPatchProductVendor Advisory
- https://github.com/EyesOfNetworkCommunity/eonweb/issues/76Third Party Advisory
- https://www.eyesofnetwork.com/enProduct
FAQ
What is CVE-2020-27887?
CVE-2020-27887 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary p...
How severe is CVE-2020-27887?
CVE-2020-27887 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-27887?
Check the references section above for vendor advisories and patch information. Affected products include: Eyesofnetwork Eyesofnetwork.