PT-2020-19895 · Intellian · Intellian Aptus Web+1
Published: 2020-01-25 · Updated: 2023-02-01
CVE-2020-7980
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Intellian Aptus Web version 1.24
Intellian Satellian version 1.12
Description
The issue allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the "cgi-bin/libagent.cgi" URI. A valid sid cookie for a login to the Intellian default account might be needed.
Recommendations
For Intellian Aptus Web version 1.24, consider disabling access to the "cgi-bin/libagent.cgi" URI until a patch is available.
For Intellian Satellian version 1.12, restrict the use of the Q field within JSON data to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
OS Command Injection
Affected Products
Intellian Aptus Web
Intellian Satellian