CVE-2020-8655

HIGH KEV

EyesOfNetwork <5.3 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2020-8655 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 3 public exploits.

AI-analyzed exploit summary This repository contains functional exploit code for CVE-2020-8655, which leverages a local privilege escalation (LPE) via nmap NSE script execution in EyesOfNetwork 5.1 to 5.3. The exploit chains multiple CVEs (CVE-2020-8654, CVE-2020-8655, CVE-2020-8656) to achieve remote code execution (RCE) and privilege escalation.

Description

An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7.

Exploits (3)

vulncheck_xdb WORKING POC
remote-auth
https://github.com/h4knet/eonrce

This repository contains functional exploit code for CVE-2020-8655, which leverages a local privilege escalation (LPE) via nmap NSE script execution in EyesOfNetwork 5.1 to 5.3. The exploit chains multiple CVEs (CVE-2020-8654, CVE-2020-8655, CVE-2020-8656) to achieve remote code execution (RCE) and privilege escalation.

Classification
Working Poc 95%
Attack Type
Rce | Lpe | Sqli | Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: EyesOfNetwork 5.1 to 5.3
No auth needed
Prerequisites: Network access to the target · EyesOfNetwork API accessibility
devstral-2 · analyzed Feb 25, 2026 Full analysis →
exploitdb WORKING POC
webappsphp
https://www.exploit-db.com/exploits/48025

This exploit demonstrates a multi-stage attack against EyesOfNetwork 5.3, combining SQL injection for authentication bypass, user creation, and remote code execution via a crafted NSE script for privilege escalation. The payload includes a reverse shell triggered through nmap's script execution.

Classification
Working Poc 95%
Attack Type
Rce | Lpe | Sqli | Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: EyesOfNetwork 5.3 (API v2.4.2)
No auth needed
Prerequisites: Network access to the EyesOfNetwork server · Nmap installed on the target system
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
rubyremotemultiple
https://www.exploit-db.com/exploits/48169

This Metasploit module exploits multiple vulnerabilities in EyesOfNetwork (CVE-2020-8655) to achieve remote command execution as root. It leverages a command injection flaw in the AutoDiscovery feature, combined with privilege escalation via Nmap (executed as root by the apache user).

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: EyesOfNetwork <= 5.3 (API version <= 2.4.2)
Auth required
Prerequisites: Valid administrative credentials or ability to bypass authentication via SQLi/hardcoded API key
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 7.8
EPSS 0.8787
EPSS Percentile 99.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-11-03
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2020-29503
CWE
CWE-269
Status published
Products (1)
eyesofnetwork/eyesofnetwork 5.3-0
Published Feb 07, 2020
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026