Vulnerability Details : CVE-2020-8429
The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating system. The logFile parameter in the getLogs function was used as a variable in a command to read log files; however, due to poor input sanitisation, it was possible to bypass a replacement and break out of the command.
Exploit prediction scoring system (EPSS) score for CVE-2020-8429
Probability of exploitation activity in the next 30 days: 0.23%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 60 %
CVSS scores for CVE-2020-8429
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST |
CWE ids for CVE-2020-8429
- The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-8429
- https://support.kinetica.com/hc/en-us/categories/360001223653-Release-Notes
  Release Notes – Kinetica (Release Notes; Vendor Advisory)
- https://www.nccgroup.trust/uk/our-research/technical-advisory-command-injection/?research=Technical+advisories
  Technical Advisory: Command Injection (Exploit; Third Party Advisory)
Products affected by CVE-2020-8429
- cpe:2.3:a:kinetica:kinetica:7.0.9.2.20191118151947:*:*:*:*:*:*:*