PT-2019-13145 · Supermicro · Superdoctor 5

Published

2019-07-01

Updated

2020-08-24

CVE-2019-13131

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Super Micro SuperDoctor 5 (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary commands via NRPE when restrictions are not implemented in agent.cfg.

Recommendations For Super Micro SuperDoctor 5, implement restrictions in the agent.cfg file to prevent remote attackers from executing arbitrary commands.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2019-13131

Affected Products

Superdoctor 5

PT-2019-13145 · Supermicro · Superdoctor 5

CVE-2019-13131

Weakness Enumeration

Related Identifiers

Affected Products

References · 3