PT-2019-14656 · Keeper · Keeper K5
Publicado
2019-09-19
·
Atualizado
2021-07-21
·
CVE-2019-16398
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Keeper K5 versions 20.1.0.25 through 20.1.0.63
Description
The issue allows for remote code execution by inserting an SD card with a specifically named file, zskj script run.sh, which can execute a reverse shell.
Recommendations
For Keeper K5 versions 20.1.0.25 through 20.1.0.63, consider disabling the execution of scripts from SD cards as a temporary mitigation measure until a patch is available. Restrict access to the device to minimize the risk of exploitation.
Exploit
Correção
Insufficient Verification of Data Authenticity
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Keeper K5