CVE-2020-5632
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5, and V1.6, Host type SiteShell for IIS prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1, Host type SiteShell for Apache Windows V1.4, V1.5, and V1.6, and Host type SiteShell for Apache Windows prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1) allow authenticated attackers to bypass access restriction and to execute arbitrary code with an elevated privilege via a specially crafted executable files.
Serie InfoCage SiteShell (Host type SiteShell para IIS V1.4, V1.5 y V1.6, tipo de Host SiteShell para IIS versiones anteriores a V2.0.0.6, V2.1.0.7, V2.1.1.6, V3. 0.0.11, V4.0.0.6, V4.1.0.5 y V4.2.0.1, tipo de host SiteShell para Apache Windows V1.4, V1.5 y V1.6, y tipo de host SiteShell para Apache Windows anterior a revisión V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5 y V4.2.0.1), permiten a atacantes autenticados omitir una restricción de acceso y ejecutar código arbitrario con un privilegio elevado por medio de archivos ejecutables especialmente diseñados
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-06 CVE Reserved
- 2020-10-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://jvn.jp/en/jp/JVN07426151/index.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://jpn.nec.com/infocage/siteshell/everyone_20200918.html | 2020-10-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nec Search vendor "Nec" | Infocage Siteshell Search vendor "Nec" for product "Infocage Siteshell" | < 2.0.0.6 Search vendor "Nec" for product "Infocage Siteshell" and version " < 2.0.0.6" | apache_windows |
Affected
| ||||||
| Nec Search vendor "Nec" | Infocage Siteshell Search vendor "Nec" for product "Infocage Siteshell" | >= 2.0.0.0 < 2.0.0.6 Search vendor "Nec" for product "Infocage Siteshell" and version " >= 2.0.0.0 < 2.0.0.6" | iis |
Affected
| ||||||
| Nec Search vendor "Nec" | Infocage Siteshell Search vendor "Nec" for product "Infocage Siteshell" | >= 2.1.0.0 < 2.1.0.7 Search vendor "Nec" for product "Infocage Siteshell" and version " >= 2.1.0.0 < 2.1.0.7" | apache_windows |
Affected
| ||||||
| Nec Search vendor "Nec" | Infocage Siteshell Search vendor "Nec" for product "Infocage Siteshell" | >= 2.1.0.0 < 2.1.0.7 Search vendor "Nec" for product "Infocage Siteshell" and version " >= 2.1.0.0 < 2.1.0.7" | iis |
Affected
| ||||||
| Nec Search vendor "Nec" | Infocage Siteshell Search vendor "Nec" for product "Infocage Siteshell" | >= 2.1.1.0 < 2.1.1.6 Search vendor "Nec" for product "Infocage Siteshell" and version " >= 2.1.1.0 < 2.1.1.6" | apache_windows |
Affected
| ||||||
| Nec Search vendor "Nec" | Infocage Siteshell Search vendor "Nec" for product "Infocage Siteshell" | >= 2.1.1.0 < 2.1.1.6 Search vendor "Nec" for product "Infocage Siteshell" and version " >= 2.1.1.0 < 2.1.1.6" | iis |
Affected
| ||||||
| Nec Search vendor "Nec" | Infocage Siteshell Search vendor "Nec" for product "Infocage Siteshell" | >= 3.0.0.0 < 3.0.0.11 Search vendor "Nec" for product "Infocage Siteshell" and version " >= 3.0.0.0 < 3.0.0.11" | apache_windows |
Affected
| ||||||
| Nec Search vendor "Nec" | Infocage Siteshell Search vendor "Nec" for product "Infocage Siteshell" | >= 3.0.0.0 < 3.0.0.11 Search vendor "Nec" for product "Infocage Siteshell" and version " >= 3.0.0.0 < 3.0.0.11" | iis |
Affected
| ||||||
| Nec Search vendor "Nec" | Infocage Siteshell Search vendor "Nec" for product "Infocage Siteshell" | >= 4.0.0.0 < 4.0.0.6 Search vendor "Nec" for product "Infocage Siteshell" and version " >= 4.0.0.0 < 4.0.0.6" | apache_windows |
Affected
| ||||||
| Nec Search vendor "Nec" | Infocage Siteshell Search vendor "Nec" for product "Infocage Siteshell" | >= 4.0.0.0 < 4.0.0.6 Search vendor "Nec" for product "Infocage Siteshell" and version " >= 4.0.0.0 < 4.0.0.6" | iis |
Affected
| ||||||
| Nec Search vendor "Nec" | Infocage Siteshell Search vendor "Nec" for product "Infocage Siteshell" | >= 4.1.0.0 < 4.1.0.5 Search vendor "Nec" for product "Infocage Siteshell" and version " >= 4.1.0.0 < 4.1.0.5" | apache_windows |
Affected
| ||||||
| Nec Search vendor "Nec" | Infocage Siteshell Search vendor "Nec" for product "Infocage Siteshell" | >= 4.1.0.0 < 4.1.0.5 Search vendor "Nec" for product "Infocage Siteshell" and version " >= 4.1.0.0 < 4.1.0.5" | iis |
Affected
| ||||||
| Nec Search vendor "Nec" | Infocage Siteshell Search vendor "Nec" for product "Infocage Siteshell" | >= 4.2.0.0 < 4.2.0.1 Search vendor "Nec" for product "Infocage Siteshell" and version " >= 4.2.0.0 < 4.2.0.1" | apache_windows |
Affected
| ||||||
| Nec Search vendor "Nec" | Infocage Siteshell Search vendor "Nec" for product "Infocage Siteshell" | >= 4.2.0.0 < 4.2.0.1 Search vendor "Nec" for product "Infocage Siteshell" and version " >= 4.2.0.0 < 4.2.0.1" | iis |
Affected
| ||||||
| Nec Search vendor "Nec" | Infocage Siteshell Search vendor "Nec" for product "Infocage Siteshell" | 1.4 Search vendor "Nec" for product "Infocage Siteshell" and version "1.4" | apache_windows |
Affected
| ||||||
| Nec Search vendor "Nec" | Infocage Siteshell Search vendor "Nec" for product "Infocage Siteshell" | 1.4 Search vendor "Nec" for product "Infocage Siteshell" and version "1.4" | iis |
Affected
| ||||||
| Nec Search vendor "Nec" | Infocage Siteshell Search vendor "Nec" for product "Infocage Siteshell" | 1.5 Search vendor "Nec" for product "Infocage Siteshell" and version "1.5" | apache_windows |
Affected
| ||||||
| Nec Search vendor "Nec" | Infocage Siteshell Search vendor "Nec" for product "Infocage Siteshell" | 1.5 Search vendor "Nec" for product "Infocage Siteshell" and version "1.5" | iis |
Affected
| ||||||
| Nec Search vendor "Nec" | Infocage Siteshell Search vendor "Nec" for product "Infocage Siteshell" | 1.6 Search vendor "Nec" for product "Infocage Siteshell" and version "1.6" | apache_windows |
Affected
| ||||||
| Nec Search vendor "Nec" | Infocage Siteshell Search vendor "Nec" for product "Infocage Siteshell" | 1.6 Search vendor "Nec" for product "Infocage Siteshell" and version "1.6" | iis |
Affected
| ||||||