CVE-2020-35851

HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.twcert.org.tw/en/cp-139-4264-f10f4-2.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hgiga:msr45_isherlock-user::::::::
	cpe:2.3:a:hgiga:ssr45_isherlock-user::::::::

History

No history.

Information

Published : 2020-12-31 08:15

Updated : 2024-02-28 18:08

NVD link : CVE-2020-35851

Mitre link : CVE-2020-35851

CVE.ORG link : CVE-2020-35851

JSON object : View

Products Affected

hgiga

msr45_isherlock-user
ssr45_isherlock-user

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2020-35851", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2020-12-31T08:15:13.923", "references": [{"url": "https://www.twcert.org.tw/en/cp-139-4264-f10f4-2.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system."}, {"lang": "es", "value": "HGiga MailSherlock no comprueba apropiadamente par\u00e1metros espec\u00edficos. Unos atacantes pueden usar la vulnerabilidad para iniciar ataques de inyecci\u00f3n de Comandos remotamente y ejecutar comandos arbitrarios del sistema."}], "lastModified": "2021-01-07T21:32:06.157", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hgiga:msr45_isherlock-user:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77EB4DB5-0CF5-48E1-950A-4ADD1130F936", "versionEndExcluding": "4.5-115"}, {"criteria": "cpe:2.3:a:hgiga:ssr45_isherlock-user:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "888A77BF-2F0C-4228-880B-EF983282AAC7", "versionEndExcluding": "4.5-115"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}