Strix
26.1K

CVE-2020-17505

HIGHCVSS 8.8/10EPSS 82.16%

Last modified

CVE-2020-17505 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.. EPSS estimates a 82.16% chance of exploitation in the next 30 days.

Description

Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
82.16%

99.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
ArticatechWeb Proxy4.30.000000

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-17505?
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.
How severe is CVE-2020-17505?
CVE-2020-17505 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 82.16% probability of exploitation in the next 30 days.
How do I fix CVE-2020-17505?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-17505?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST