CVE-2020-12487

HIGH

vivo ABE < 4.4.0.9 - OS Command Injection via Input Parameter Verification Flaw

Title source: llm
STIX 2.1

Description

Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege.

References (1)

Core 1

Scores

CVSS v3 7.0
EPSS 0.0026
EPSS Percentile 17.3%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-20
Status published
Products (1)
vivo/ABE Versions earlier than 4.4.0.9
Published Dec 17, 2024
Tracked Since Feb 18, 2026