CVE-2020-7357

high-risk

Published 2020-08-06

Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5.

Do I need to act?

78.7% chance of exploitation in next 30 days

EPSS score — higher than 21% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.6/10 Critical

NETWORK / LOW complexity

Affected Products (13)

Cms-Se Firmware

Cms-Se-Lxc Firmware

Cms-60 Firmware

Cms-40 Firmware

Cms-20 Firmware

Cms

Affected Vendors

Cayintech

References (6)

Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/182925

Exploit https://github.com/rapid7/metasploit-framework/pull/13607

Exploit https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5570.php

Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/182925

Exploit https://github.com/rapid7/metasploit-framework/pull/13607

Exploit https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5570.php

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 20/34 · Moderate

Exposure 17/34 · Moderate