Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2020-11956

Published: 14/07/2020 Updated: 21/07/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Cmciii-pu-9333e0fb Firmware

Vulnerability Summary

An issue exists on Rittal PDU-3C002DEC up to and including 5.17.10 and CMCIII-PU-9333E0FB up to and including 3.17.10 devices. There is a least privilege violation.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

rittal cmciii-pu-9333e0fb_firmware

rittal pdu-3c002dec_firmware

rittal cmc_iii_pu_7030.000_firmware

rittal lcp-cw_firmware

rittal iot interface 3124.300

Exploits

Exploit DB: Rittal Products Bypass / Command Injection / Privilege Escalation
Multiple Rittal Products based on the same software suffer from CLI menu bypass, insecure configuration, hard-coded backdoor account, outdated component, command injection, and privilege escalation vulnerabilities Products include but are not limited to CMC III PU Compact, CMC III PU 7030000 PDU (whole portfolio), LCP-CW, and IoT Interface 31243 ...

Mailing Lists

Full Disclosure: SEC Consult SA-20200708-0 :: Multiple Critical Vulnerabilities in Multiple Rittal Products Based on Same Software
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> SEC Consult SA-20200708-0 :: Multiple Critical Vulnerabilities in Multiple Rittal Products Based on Same Software <!-- ...

References

CWE-269https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/https://nvd.nist.govhttps://packetstormsecurity.com/files/158383/Rittal-Products-Bypass-Command-Injection-Privilege-Escalation.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook