CVE-2020-5759

critical

Description

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command.

References

https://www.tenable.com/security/research/tra-2020-42

https://www.tenable.com/cve/CVE-2020-5759

Details

Source: Mitre, NVD

Published: 2020-07-17

Updated: 2020-07-23

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H