CVE-2020-36529

HIGH

SevOne Network Performance Management < 5.7.2.22 - Remote Command Injection in Traceroute Handler

Title source: llm
STIX 2.1

Description

A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely.

References (2)

Core 2
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2020/Oct/5
Third Party Advisory, VDB Entry x_refsource_misc
https://vuldb.com/?id.162261

Scores

CVSS v3 8.8
EPSS 0.0390
EPSS Percentile 89.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-77
Status published
Products (1)
ibm/sevone_network_performance_management 5.7.2.0 - 5.7.2.22
Published Jun 07, 2022
Tracked Since Feb 18, 2026