The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as 'root'.
References
Link | Resource |
---|---|
https://ioac.tv/2Nbc40h | Exploit Third Party Advisory |
https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-08-21T14:31:41
Updated: 2020-08-21T14:31:41
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-24057
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-08-21T15:15:13.213
Modified: 2020-08-27T14:50:14.163
Link: CVE-2020-24057
JSON object: View
Redhat Information
No data.
CWE