In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. We also observed the same is true if the JSESSIONID is completely removed.
References
Link | Resource |
---|---|
https://vuln.shellcoder.party/2020/09/19/cve-2020-25560-sapphireims-unauthenticated-remote-command-execution-on-server/ | Exploit Third Party Advisory |
https://vuln.shellcoder.party/tags/sapphireims/ | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2021-08-11 21:15
Updated : 2024-02-28 18:28
NVD link : CVE-2020-25560
Mitre link : CVE-2020-25560
CVE.ORG link : CVE-2020-25560
JSON object : View
Products Affected
sapphireims
- sapphireims
CWE
CWE-798
Use of Hard-coded Credentials