Vulnerability Details CVE-2020-5759
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.081
EPSS Ranking 91.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2020-5759
-
cpe:2.3:h:grandstream:ucm6202:-
-
cpe:2.3:h:grandstream:ucm6204:-
-
cpe:2.3:h:grandstream:ucm6208:-
-
cpe:2.3:o:grandstream:ucm6202_firmware:1.0.20.22
-
cpe:2.3:o:grandstream:ucm6202_firmware:1.0.20.23
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.10.44
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.11.27
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.12.19
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.13.14
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.14.24
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.15.16
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.16.20
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.17.16
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.18.13
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.19.20
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.19.21
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.2.97
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.20.22
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.20.23
-
cpe:2.3:o:grandstream:ucm6204_firmware:1.0.9.97
-
cpe:2.3:o:grandstream:ucm6208_firmware:1.0.20.22
-
cpe:2.3:o:grandstream:ucm6208_firmware:1.0.20.23