CVE-2020-8429 — HIGH (8.8) — White Hats Nepal

Vulnerability Description

The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating system. The logFile parameter in the getLogs function was used as a variable in a command to read log files; however, due to poor input sanitisation, it was possible to bypass a replacement and break out of the command.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Kinetica	Kinetica	7.0.9.2.20191118151947

Related Weaknesses (CWE)

CWE-78

References

https://support.kinetica.com/hc/en-us/categories/360001223653-Release-NotesRelease NotesVendor Advisory
https://www.nccgroup.trust/uk/our-research/technical-advisory-command-injection/ExploitThird Party Advisory
https://support.kinetica.com/hc/en-us/categories/360001223653-Release-NotesRelease NotesVendor Advisory
https://www.nccgroup.trust/uk/our-research/technical-advisory-command-injection/ExploitThird Party Advisory

FAQ

What is CVE-2020-8429?

CVE-2020-8429 is a vulnerability with a CVSS score of 8.8 (HIGH). The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attac...

How severe is CVE-2020-8429?

CVE-2020-8429 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-8429?

Check the references section above for vendor advisories and patch information. Affected products include: Kinetica Kinetica.