CVE-2020-20601

high-risk
Published 2021-12-22

An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.

Do I need to act?

!
57.7% chance of exploitation in next 30 days
EPSS score — higher than 42% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (5)

Thinkcmf
Thinkcmf
Thinkcmf
Thinkcmf
Thinkcmf

Affected Vendors

Thinkcmf

References (2)

Exploit https://blog.riskivy.com/thinkcmf-%e6%a1%86%e6%9e%b6%e4%b8%8a%e7%9a%84%e4%bb%bb%...
Exploit https://blog.riskivy.com/thinkcmf-%e6%a1%86%e6%9e%b6%e4%b8%8a%e7%9a%84%e4%bb%bb%...
62
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 18/34 · Moderate
Exposure 12/34 · Low