PT-2019-6331 · Inspur · Inspur Clusterengine

Published: 2019-11-26 · Updated: 2021-02-26 · CVE-2020-21224

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Inspur ClusterEngine version V4.0

Description

A Remote Code Execution issue has been found, allowing a remote attacker to send a malicious login packet to the control server. The vulnerability is related to the injection or modification of arguments with the ' parameter, which can be exploited by sending specially crafted packets, enabling the attacker to execute arbitrary code.

Recommendations

For Inspur ClusterEngine version V4.0, consider disabling the login functionality until a patch is available. Restrict access to the control server to minimize the risk of exploitation. Avoid using the vulnerable parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Argument Injection


Weakness Enumeration

Related Identifiers

BDU:2023-02310
CVE-2020-21224

Affected Products

Inspur Clusterengine