9.9

CVE-2020-15860

Exploit

EPSS 2.61%
Veröffentlicht 24.07.2020 16:15:11
Zuletzt bearbeitet 21.11.2024 05:06:19
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it was discovered that it is possible to access any host in the internal domain, even if it has no published applications or the mentioned host is no longer associated with that server farm.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Parallels ≫ Remote Application Server Version17.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.61%	0.854

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://kb.parallels.com/en/125112

Vendor Advisory

https://www.coresecurity.com/core-labs/advisories/parallels-ras-os-command-execution

Third Party Advisory

Exploit

https://www.parallels.com/products/ras/remote-application-server/

Product

https://nvd.nist.gov/vuln/detail/CVE-2020-15860

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15860

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15860

EUVD