CVE-2020-25560
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. We also observed the same is true if the JSESSIONID is completely removed.
En SapphireIMS versión 5.0, es posible usar una credencial embebida en los clientes (nombre de usuario: sapphire, contraseña: ims) y obtener acceso al portal. Una vez que el acceso está disponible, el atacante puede inyectar comandos maliciosos del Sistema Operativo en las funciones "ping", "traceroute" y "snmp" y ejecutar código en el servidor. También observamos que lo mismo ocurre si se elimina completamente JSESSIONID
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-09-14 CVE Reserved
- 2021-08-11 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://vuln.shellcoder.party/tags/sapphireims | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://vuln.shellcoder.party/2020/09/19/cve-2020-25560-sapphireims-unauthenticated-remote-command-execution-on-server | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sapphireims Search vendor "Sapphireims" | Sapphireims Search vendor "Sapphireims" for product "Sapphireims" | 5.0 Search vendor "Sapphireims" for product "Sapphireims" and version "5.0" | - |
Affected
| ||||||