CVE-2020-12078

Open-AudIT Professional 3.3.1 Remote Code Execution

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.

Se descubrió un problema en Open-AudIT versión 3.3.1. Hay una inyección de metacaracteres de shell por medio de atributos en un URI open-audit/configuration/. Un atacante puede explotar esto al agregar una dirección IP excluida en la configuración de descubrimiento global (llamada internamente exclude_ip). Este valor exclude_ip es pasado a la función exec en el archivo discoveries_helper.php (dentro de la función all_ip_list) sin ser filtrado, lo que significa que el atacante puede proporcionar una carga útil en lugar de una dirección IP válida.

Open-AudIT Professional version 3.3.1 suffers from a remote code execution vulnerability.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-04-23 CVE Reserved
2020-04-28 CVE Published
2020-04-28 First Exploit
2024-08-04 CVE Updated
2024-09-09 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CAPEC

References (6)

URL	Tag	Source

URL	Date	SRC
https://github.com/mhaskar/CVE-2020-12078	2020-04-28
https://github.com/84KaliPleXon3/CVE-2020-12078	2020-04-28
http://packetstormsecurity.com/files/157477/Open-AudIT-Professional-3.3.1-Remote-Code-Execution.html	2024-08-04
https://gist.github.com/mhaskar/dca62d0f0facc13f6364b8ed88d5a7fd	2024-08-04
https://shells.systems/open-audit-v3-3-1-remote-command-execution-cve-2020-12078	2024-08-04

URL	Date	SRC
https://github.com/Opmantek/open-audit/commit/6ffc7f9032c55eaa1c37cf5e070809b7211c7e9a	2021-07-21

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Opmantek Search vendor "Opmantek"		Open-audit Search vendor "Opmantek" for product "Open-audit"				3.3.1 Search vendor "Opmantek" for product "Open-audit" and version "3.3.1"		-		Affected