{"containers": {"cna": {"affected": [{"product": "Grandstream UCM6200 Series", "vendor": "n/a", "versions": [{"status": "affected", "version": "Versions 1.0.20.23 and below"}]}], "descriptions": [{"lang": "en", "value": "Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's \"Old\" HTTPS API."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-07-17T20:35:47", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/research/tra-2020-42"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2020-5758", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Grandstream UCM6200 Series", "version": {"version_data": [{"version_value": "Versions 1.0.20.23 and below"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's \"Old\" HTTPS API."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-78"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/research/tra-2020-42", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/research/tra-2020-42"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:39:25.723Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/research/tra-2020-42"}]}]}, "cveMetadata": {"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2020-5758", "datePublished": "2020-07-17T20:35:47", "dateReserved": "2020-01-06T00:00:00", "dateUpdated": "2024-08-04T08:39:25.723Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:grandstream:ucm6202_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "685CBD60-7C46-4DF8-A25C-8003D02B0175", "versionEndIncluding": "1.0.20.23", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:grandstream:ucm6202:-:*:*:*:*:*:*:*", "matchCriteriaId": "9864BD0F-BE9C-4F72-AB57-77036699029B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:grandstream:ucm6204_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A180364-ABDF-49EE-80CB-31DA799DDA1C", "versionEndIncluding": "1.0.20.23", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:grandstream:ucm6204:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5A26ABB-8BED-4E61-91AA-ABF1B90CBD81", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:grandstream:ucm6208_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "50793718-3D0C-449C-940E-3157259B9F06", "versionEndIncluding": "1.0.20.23", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:grandstream:ucm6208:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA744718-8862-4579-B9CF-E1E8137A02E6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's \"Old\" HTTPS API."}, {"lang": "es", "value": "Grandstream serie UCM6200 versiones de firmware 1.0.20.23 y posterior, es vulnerable a una inyecci\u00f3n de comandos del Sistema Operativo por medio de HTTP. Un atacante autenticado remoto puede ejecutar comandos como usuario root mediante el env\u00edo de un HTTP GET dise\u00f1ado hacia la API HTTPS \"Old\" de UCM"}], "id": "CVE-2020-5758", "lastModified": "2024-11-21T05:34:33.010", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-17T21:15:13.810", "references": [{"source": "vulnreport@tenable.com", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2020-42"}, {"source": "nvd@nist.gov", "tags": ["Not Applicable"], "url": "https://www.tenable.com/cve/CVE-2020-5758"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2020-42"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "vulnreport@tenable.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}