PT-2021-9158 · Invigo · Invigo Automatic Device Management

Published

2021-03-25

Updated

2021-03-27

CVE-2020-10583

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Invigo Automatic Device Management (ADM) versions through 5.0

Description The issue allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application. This is possible through the /admin/admapi.php script.

Recommendations For Invigo Automatic Device Management (ADM) versions through 5.0, consider disabling access to the /admin/admapi.php script until a patch is available. Restricting the privileges of the user running the application can also help minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-10583

Affected Products

Invigo Automatic Device Management

PT-2021-9158 · Invigo · Invigo Automatic Device Management

CVE-2020-10583

Weakness Enumeration

Related Identifiers

Affected Products

References · 4