CyberSec.Space Logo
Back to CVE Browser

CVE-2020-8655

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score64.6730%
EPSS Percentile93.84th
PublishedFeb 7, 2020
Last ModifiedNov 10, 2025

Vulnerability Description

An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7.

Affected Platforms (CPE)

πŸ“¦
Eyesofnetwork

Eyesofnetwork

= 5.3-0

References & Advisories

πŸ”— http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html
πŸ”— http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html
πŸ”— https://github.com/EyesOfNetworkCommunity/eonconf/issues/8
πŸ”— http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html
πŸ”— http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html
πŸ”— https://github.com/EyesOfNetworkCommunity/eonconf/issues/8
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8655

Related Vulnerabilities

CVE-2020-94659.8

An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection...

CVE-2020-86579.8

An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_funct...

CVE-2020-86569.8

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated a...

CVE-2020-278869.8

An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowin...