CVE-2020-35488

moderate-risk

Published 2021-01-05

The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslog field. (For example, on Linux it is not possible to create a .. directory. On Windows, it is not possible to create a CON directory.)

Do I need to act?

19.4% chance of exploitation in next 30 days

EPSS score — higher than 81% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

49283

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (1)

Nxlog

Affected Vendors

Nxlog

References (4)

Exploit https://github.com/GuillaumePetit84/CVE-2020-35488

Release Notes https://gitlab.com/nxlog-public/nxlog-ce/-/blob/master/ChangeLog.txt#L2

Exploit https://github.com/GuillaumePetit84/CVE-2020-35488

Release Notes https://gitlab.com/nxlog-public/nxlog-ce/-/blob/master/ChangeLog.txt#L2

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 14/34 · Moderate

Exposure 5/34 · Minimal