CVE-2020-5757

high-risk

Published 2020-07-17

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API.

Do I need to act?

22.5% chance of exploitation in next 30 days

EPSS score — higher than 78% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (3)

Ucm6202 Firmware

Ucm6204 Firmware

Ucm6208 Firmware

Affected Vendors

Grandstream

References (3)

Not Applicable https://www.tenable.com/security/research/tra-2020-42

Third Party Advisory https://www.tenable.com/cve/CVE-2020-5757

Not Applicable https://www.tenable.com/security/research/tra-2020-42

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 14/34 · Moderate

Exposure 9/34 · Low