PT-2020-14775 · Telmat · Telmat Accesslog

Podalirius

Published

2020-09-24

Updated

2022-04-28

CVE-2020-16147

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Telmat AccessLog versions prior to 6.0 (TAL 20180415)

Description The issue allows an attacker to gain root shell access through unauthenticated code injection over the network, specifically targeting the login page.

Recommendations For Telmat AccessLog versions prior to 6.0 (TAL 20180415), consider disabling the login page functionality until a patch is available to prevent unauthenticated code injection attacks.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-16147

Affected Products

Telmat Accesslog

PT-2020-14775 · Telmat · Telmat Accesslog

CVE-2020-16147

Weakness Enumeration

Related Identifiers

Affected Products

References · 4