CVE-2020-29551 Information

Description

An issue was discovered in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is possible to shut down the system. Among others, the following files and scripts are also accessible: _internal/pc/abort.php, _internal/pc/restart.php, _internal/pc/vpro.php, _internal/pc/wake.php, _internal/error_u201409.txt, _internal/runcmd.php, _internal/getConfiguration.php, ews/autoload.php, ews/del.php, ews/mod.php, ews/sync.php, utils/backup/backup_server.php, utils/backup/restore_server.php, MyScreens/timeline.config, kreator.html5/test.php, and addedlogs.txt.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Reference

https://urve.co.uk/system-rezerwacji-sal
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-041.txt
http://seclists.org/fulldisclosure/2020/Dec/48
http://packetstormsecurity.com/files/160725/URVE-Software-Build-24.03.2020-Missing-Authorization.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

9.1

Base Severity

CRITICAL
