CVE-2020-19907

HIGH

8.8

CVSS Severity Score

EPSS Score0.0000%

EPSS Percentile19.68th

Published2021年7月12日

Last Modified2024年11月21日

Vulnerability Description

A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service.

Affected Platforms (CPE)

📦

Mitre

Caldera

<= 2.3.1

References & Advisories

🔗 https://cwe.mitre.org/data/definitions/78.html

🔗 https://github.com/mitre/caldera/issues/462

🔗 https://cwe.mitre.org/data/definitions/78.html

🔗 https://github.com/mitre/caldera/issues/462

相關漏洞威脅

CVE-2000-037410.0

The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from an...

CVE-2001-018110.0

Format string vulnerability in the error logging code of DHCP server and client in Caldera Linux allows remote attackers to execut...

CVE-2000-037010.0

The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for ...

CVE-2014-293510.0

costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell met...