PT-2020-16826 · Eyesofnetwork · Eyesofnetwork

H4Knet · Published 2020-10-29 · Updated 2021-02-23 · CVE-2020-27887

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

EyesOfNetwork versions 5.3 through 5.3-8

Description

An issue allows an authenticated web user with sufficient privileges to abuse the AutoDiscovery module and run arbitrary OS commands. This is achieved via the nmap binary parameter to the "lilac/autodiscovery.php" API endpoint.

Recommendations

For EyesOfNetwork versions 5.3 through 5.3-8, consider restricting access to the AutoDiscovery module and limiting the use of the nmap binary parameter in the "lilac/autodiscovery.php" API endpoint until a fix is available.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2020-27887

Affected Products

Eyesofnetwork