Vulnerability Details CVE-2020-10808
Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell metacharacters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.865
EPSS Ranking 99.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- http://packetstormsecurity.com/files/157111/Vesta-Control-Panel-Authenticated-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/157219/Vesta-Control-Panel-Authenticated-Remote-Code-Execution.html
- https://forum.vestacp.com/viewforum.php?f=25
- https://github.com/rapid7/metasploit-framework/pull/13094
- https://pentest.blog/vesta-control-panel-second-order-remote-code-execution-0day-step-by-step-analysis/
- http://packetstormsecurity.com/files/157111/Vesta-Control-Panel-Authenticated-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/157219/Vesta-Control-Panel-Authenticated-Remote-Code-Execution.html
- https://forum.vestacp.com/viewforum.php?f=25
- https://github.com/rapid7/metasploit-framework/pull/13094
- https://pentest.blog/vesta-control-panel-second-order-remote-code-execution-0day-step-by-step-analysis/
Products affected by CVE-2020-10808
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-0
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-13
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-14
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-15
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-16
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-17
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-18
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-19
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-20
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-21
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.7-22
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-1
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-10
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-11
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-12
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-13
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-14
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-15
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-16
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-17
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-18
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-19
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-2
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-20
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-21
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-22
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-23
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-24
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-26
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-3
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-4
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-5
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-6
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-7
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-8
-
cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-9