Vulnerability Description
An RCE vulnerability exists in Raysync versions below 3.3.3.8. An unauthenticated, unauthorized attacker can send a specifically crafted request that overwrites a specific file on the server with malicious content, log in as "admin", and then modify a specific shell file to achieve remote code execution (RCE) on the hosting server.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Raysync | Raysync | < 3.3.3.8 |
Related Weaknesses (CWE)
References
- https://www.exploit-db.com/exploits/49265 (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2020-35370?
CVE-2020-35370 is a vulnerability with a CVSS score of 8.8 (HIGH). An RCE vulnerability exists in Raysync versions below 3.3.3.8. An unauthenticated, unauthorized attacker sending a specifically crafted request to overwrite a specific file on the server with malicious content can ...
How severe is CVE-2020-35370?
CVE-2020-35370 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-35370?
Check the references section above for vendor advisories and patch information. Affected products include: Raysync Raysync.