PT-2020-14868 · Rangeeos · Rangeeos+1
Published 2020-08-20 · Updated 2020-08-26 · CVE-2020-16281
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
RangeeOS version 8.0.4
Description
The issue allows a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus being accessible in the Kommbox component.
Recommendations
For RangeeOS version 8.0.4, consider restricting access to the Kommbox component or limiting the functionality of context menus to prevent arbitrary code execution until a patch is available.
Fix
Improper Encoding or Escaping of Output
Weakness Enumeration
Related Identifiers
Affected Products
Kommbox
Rangeeos