CVE-2020-24057
HIGHVerint S5120FD Firmware - Authenticated OS Command Injection via ipfilter.cgi Endpoint
Title source: llmDescription
The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as 'root'.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/
Exploit, Third Party Advisory x_refsource_misc
https://ioac.tv/2Nbc40h
Scores
CVSS v3
8.8
EPSS
0.0548
EPSS Percentile
91.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
verint/s5120fd_firmware
verint_fw_0_42
Published
Aug 21, 2020
Tracked Since
Feb 18, 2026