PT-2020-12642 · Zen · Zen Load Balancer
Code16
Published: 2020-04-02 · Updated: 2020-04-06 · CVE-2020-11490
CVSS v2.0: 9.0 (High)
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Zen Load Balancer version 3.10.1
Description
The issue allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in certain parameters. Specifically, the cert issuer, cert division, cert organization, cert locality, cert state, cert country and cert email parameters of index.cgi are vulnerable.

Recommendations
For Zen Load Balancer version 3.10.1, consider restricting access to index.cgi until a patch is available, and avoid using shell metacharacters in the cert issuer, cert division, cert organization, cert locality, cert state, cert country and cert email parameters to minimize the risk of exploitation.
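The advisory does not show the vulnerable code. The following is an added illustration, not Zen Load Balancer's own index.cgi, of the general pattern behind this class of bug and of the fix a maintainer would apply: the first builder interpolates the form fields straight into a shell command line (the injectable shape), the second validates each field against an allowlist and passes the OpenSSL invocation as an argument vector, so no shell ever parses the values. Field names, the mapping of the "issuer" field to CN, the regular expressions and the sample inputs are all assumptions made for the example.

```python
import re
import subprocess

# Assumed mapping from the form parameter names in the advisory to the
# RDN types used in OpenSSL's -subj syntax. Treating "cert issuer" as the
# CN is an assumption of this example.
SUBJECT_FIELDS = {
    "cert_country": "C",
    "cert_state": "ST",
    "cert_locality": "L",
    "cert_organization": "O",
    "cert_division": "OU",
    "cert_issuer": "CN",
    "cert_email": "emailAddress",
}

# Allowlists. SAFE_VALUE permits letters, digits, space and a few
# punctuation marks; it excludes every shell metacharacter and also
# "/" and "=", which are the delimiters of -subj itself.
SAFE_VALUE = re.compile(r"[A-Za-z0-9 .,_-]{1,64}")
COUNTRY = re.compile(r"[A-Z]{2}")
EMAIL = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,}")

OPENSSL_ARGS = ["req", "-new", "-newkey", "rsa:2048", "-nodes",
                "-keyout", "srv.key", "-out", "srv.csr", "-subj"]


def _subject(params):
    """Join the fields into one -subj string in RDN order."""
    return "".join(f"/{rdn}={params[name]}" for name, rdn in SUBJECT_FIELDS.items())


def build_command_unsafe(params):
    """The injectable shape: untrusted values concatenated into a command
    line that a shell would parse. Returned as a string only, never run."""
    return "openssl " + " ".join(OPENSSL_ARGS) + f" '{_subject(params)}'"


def validate(params):
    """Return the names of fields that fail their allowlist."""
    bad = []
    for name in SUBJECT_FIELDS:
        value = params.get(name, "")
        if name == "cert_country":
            pattern = COUNTRY
        elif name == "cert_email":
            pattern = EMAIL
        else:
            pattern = SAFE_VALUE
        if not pattern.fullmatch(value):
            bad.append(name)
    return bad


def build_command_argv(params):
    """The hardened shape: validate first, then build an argv list so the
    values reach openssl as single arguments with no shell in between."""
    bad = validate(params)
    if bad:
        raise ValueError("rejected fields: " + ", ".join(bad))
    return ["openssl", *OPENSSL_ARGS, _subject(params)]


def generate_csr(params):
    """Run the validated command without a shell (requires openssl on PATH)."""
    return subprocess.run(build_command_argv(params), check=True, capture_output=True)


# Constructed sample inputs for the example.
CONSTRUCTED_OK = {
    "cert_country": "US",
    "cert_state": "Example State",
    "cert_locality": "Example City",
    "cert_organization": "Example Org",
    "cert_division": "IT",
    "cert_issuer": "lb.example.test",
    "cert_email": "admin@example.test",
}
# Same record with one field carrying shell metacharacters.
CONSTRUCTED_BAD = dict(CONSTRUCTED_OK, cert_organization="Example; $(id)")

if __name__ == "__main__":
    print(build_command_argv(CONSTRUCTED_OK)[-1])
    print(validate(CONSTRUCTED_BAD))
```

The two protections are independent: the argv list alone already prevents shell interpretation, and the allowlist additionally keeps "/" and "=" out of the values so a field cannot smuggle extra RDNs into the subject. A web handler should apply both, and reject the request rather than try to sanitize a value that fails the check.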
Weakness Enumeration
OS Command Injection

Affected Products
Zen Load Balancer