CVSS: 10.0EPSS: 0%CPEs: 140EXPL: 1CVE-2020-29056
https://notcve.org/view.php?id=CVE-2020-29056
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. One can escape from a shell and acquire root privileges by leveraging the TFTP download configuration. Se detectó un problema en Dispositivos CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD20D1104SN, FD1104S, FD20D1104SN, R220D1104SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN y FD8000. Uno puede escapar de un shell y adquirir privilegios de root aprovechando la configuración de descarga TFTP • https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •