PT-2020-12496 · Intel · Intelmq Manager

Bernhard Herzog · Published 2020-04-30 · Updated 2020-05-06 · CVE-2020-11016

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions: IntelMQ Manager versions 1.1.0 through 2.1.0

Description: The issue arises from the backend's incorrect handling of user-input messages in the "send" functionality of the Inspect-tool of the Monitor component. This could allow an attacker with access to the IntelMQ Manager to execute arbitrary code with the privileges of the webserver.

Recommendations: For IntelMQ Manager versions 1.1.0 through 2.1.0, update to version 2.1.1 to fix the vulnerability. As a temporary workaround, consider restricting access to the Inspect-tool of the Monitor component until the update is applied.

Fix

OS Command Injection


Weakness Enumeration

Related Identifiers

CVE-2020-11016
GHSA-RRHH-RCGP-Q2M2

Affected Products

Intelmq Manager