CVE-2020-27730 Information
Jun 07, 2022
cve
Description
In versions 3.0.0-3.9.0 2.0.0-2.9.0 and 1.0.1 the NGINX Controller Agent does not use absolute paths when calling system utilities.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://support.f5.com/csp/article/K43530108 https://security.netapp.com/advisory/ntap-20210115-0004/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: