1. Home
  2. CVE Database
  3. CVE-2020-5759
CRITICAL · 9.8

CVE-2020-5759

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a speci...

Vulnerability Description

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
GrandstreamUcm6202 Firmware<= 1.0.20.23
GrandstreamUcm6202-
GrandstreamUcm6204 Firmware<= 1.0.20.23
GrandstreamUcm6204-
GrandstreamUcm6208 Firmware<= 1.0.20.23
GrandstreamUcm6208-

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2020-5759?

CVE-2020-5759 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a speci...

How severe is CVE-2020-5759?

CVE-2020-5759 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-5759?

Check the references section above for vendor advisories and patch information. Affected products include: Grandstream Ucm6202 Firmware, Grandstream Ucm6202, Grandstream Ucm6204 Firmware, Grandstream Ucm6204, Grandstream Ucm6208 Firmware.