PT-2020-12320 · Vesta · Vesta Control Panel

Published: 2020-04-21 · Updated: 2021-07-21 · CVE-2020-10786

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Vesta Control Panel versions 0.9.8-26

Description

A remote command execution issue allows any authenticated user to execute arbitrary commands on the system via cron jobs.

Recommendations

For versions 0.9.8-26, consider restricting access to cron jobs to prevent exploitation until a patch is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of arbitrary command execution.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2020-10786

Affected Products

Vesta Control Panel