9.1
CVE-2020-8816
- EPSS 77.85%
- Veröffentlicht 29.05.2020 19:15:10
- Zuletzt bearbeitet 10.11.2025 14:42:28
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginPi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
10.12.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Pi-Hole AdminLTE Remote Code Execution Vulnerability
SchwachstellePi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 77.85% | 0.995 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| cve@mitre.org | 9.1 | 2.3 | 6 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
http://packetstormsecurity.com/files/157861/Pi-Hole-4.3.2-DHCP-MAC-OS-Command-Execution.html
http://packetstormsecurity.com/files/158737/Pi-hole-4.3.2-Remote-Code-Execution.html
https://github.com/pi-hole/AdminLTE/commits/master
https://github.com/pi-hole/AdminLTE/pull/1165
https://github.com/pi-hole/AdminLTE/releases/tag/v4.3.3
https://natedotred.wordpress.com/2020/03/28/cve-2020-8816-pi-hole-remote-code-execution/
https://twitter.com/Nate_Kappa/status/1243900213665902592?s=20
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8816