10

CVE-2020-5847

Warnung
Exploit
Unraid through 6.8.0 allows Remote Code Execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
UnraidUnraid Version <= 6.8.0

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Unraid Remote Code Execution Vulnerability

Schwachstelle

Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 95.84% 0.999
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://sysdream.com/news/lab/
Third Party Advisory
http://packetstormsecurity.com/files/157275/Unraid-6.8.0-Authentication-Bypass-Arbitrary-Code-Execution.html
Third Party Advisory
Exploit
VDB Entry
https://forums.unraid.net/forum/7-announcements/
Vendor Advisory
Release Notes
https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/
Third Party Advisory
Exploit
Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-5847
US Government Resource