Exploit
CVE-2020-15348
Improper Control of Generation of Code ('Code Injection') (CWE-94)
Published: Jun 26, 2020 / Updated: 40mo ago

010

CVSS 9.8EPSS 5.56%Critical

CVE info copied to clipboard

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2020-15348. See article

Jun 26, 2020 at 4:47 PM / web.nvd.nist.gov

EPSS

EPSS Score was set to: 5.56% (Percentile: 92.3%)

Sep 15, 2023 at 10:12 PM

Affected Systems

Zyxel/cloud_cnm_secumanager

+null more

Exploits

https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html

+null more

Patches

www.zyxel.com

+null more

Attack Patterns

CAPEC-242: Code Injection

+null more

CVSS V3.1

Attack Vector:Network

Attack Complexity:Low

Privileges Required:None

User Interaction:None

Scope:Unchanged

Confidentiality:High

Integrity:High

Availability Impact:High

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence 30-day free trial

ExploitCVE-2020-15348Improper Control of Generation of Code ('Code Injection') (CWE-94)Published: Jun 26, 2020 / Updated: 40mo ago

Timeline

Affected Systems

Exploits

Patches

Attack Patterns

CVSS V3.1

Categories

Be the first to know about critical vulnerabilities

Exploit
CVE-2020-15348
Improper Control of Generation of Code ('Code Injection') (CWE-94)
Published: Jun 26, 2020 / Updated: 40mo ago