Vulnerability Details CVE-2020-5849
Unraid 6.8.0 allows authentication bypass.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.937
EPSS Ranking 99.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Proposed Action
Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/157275/Unraid-6.8.0-Authentication-Bypass-Arbitrary-Code-Execution.html
- https://forums.unraid.net/forum/7-announcements/
- https://sysdream.com/news/lab/
- https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/
- http://packetstormsecurity.com/files/157275/Unraid-6.8.0-Authentication-Bypass-Arbitrary-Code-Execution.html
- https://forums.unraid.net/forum/7-announcements/
- https://sysdream.com/news/lab/
- https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/