Vulnerability Details CVE-2020-5847
Unraid through 6.8.0 allows Remote Code Execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.935
EPSS Ranking 99.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Proposed Action
Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/157275/Unraid-6.8.0-Authentication-Bypass-Arbitrary-Code-Execution.html
- https://forums.unraid.net/forum/7-announcements/
- https://sysdream.com/news/lab/
- https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/
- http://packetstormsecurity.com/files/157275/Unraid-6.8.0-Authentication-Bypass-Arbitrary-Code-Execution.html
- https://forums.unraid.net/forum/7-announcements/
- https://sysdream.com/news/lab/
- https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/