Published: 02/10/2020 Updated: 09/10/2020

CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8

CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

VMScore: 756

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

conf_datetime in Secudos DOMOS 5.8 allows remote malicious users to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface).

Vulnerable Product	Search on Vulmon	Subscribe to Product
secudos domos

DOMOS versions 58 and below suffer from a command injection vulnerability ...

Full Disclosure mailing list archives   By Date By Thread </form>    [SYSS-2020-025] DOMOS 58 - OS Command Injection   From: Patrick ...

This repository holds the advisory, exploits and vulnerable software of the CVE-2020-14293

CVE-2020-14293 This vulnerablity was discovered and disclosed by me This repository will hold the advisory, vulnerable software and the exploits This repository is only for educational purposes Links Advisory SYSS-2020-025 Detailed writeup SySS Blog entry [Exploit on Exploit-DB](wwwexploit-dbcom/exploits/xxxxx - TODO) Vendor notice MITRE Entry NVD Entry Software

CWE-78 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-025.txt https://github.com/patrickhener/CVE-2020-14293 https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata https://www.secudos.de/en/news-en/domos-release-5-9 http://seclists.org/fulldisclosure/2020/Sep/51 https://nvd.nist.gov https://github.com/patrickhener/CVE-2020-14293 http://seclists.org/fulldisclosure/2020/Sep/51

CVE-2020-14293

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect