CVE-2020-24057
moderate-risk
Published 2020-08-21
The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as 'root'.
Do I need to act?
!
21.2% chance of exploitation in next 30 days
EPSS score — higher than 79% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (4)
Exploit
https://ioac.tv/2Nbc40h
Third Party Advisory
https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/
Exploit
https://ioac.tv/2Nbc40h
Third Party Advisory
https://ioactive.com/verint-ptz-cameras-multiple-vulnerabilities/
49
/ 100
moderate-risk
Severity
30/34 · Critical
Exploitability
14/34 · Moderate
Exposure
5/34 · Minimal