PT-2020-16955 · Cellinx · Cellinx Nvt Web Server

Published: 2020-11-06 · Updated: 2020-11-19 · CVE-2020-28250

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cellinx NVT Web Server version 5.0.0.014b.test

Description

The issue allows a remote user to run commands as root via SetFileContent.cgi because authentication is performed on the client side. This means that the authentication checks are done on the client's machine rather than on the server, which can be bypassed or manipulated by an attacker.

Recommendations

For Cellinx NVT Web Server version 5.0.0.014b.test, consider disabling the SetFileContent.cgi script until a proper server-side authentication mechanism is implemented to prevent unauthorized access. Restrict access to the SetFileContent.cgi endpoint to minimize the risk of exploitation.

Exploit

Fix

Related Identifiers

CVE-2020-28250

Affected Products

Cellinx Nvt Web Server