Main Vulnerability Database Exploits ID:3677 - Exploit for Command Injection in Unified Infrastructure Management - CVE-2020-8010

ID:3677 - Exploit for Command Injection in Unified Infrastructure Management - CVE-2020-8010

Published: August 3, 2020

Vulnerability identifier: #VU25415

Vulnerability risk: High

CVE-ID: CVE-2020-8010

CWE-ID: CWE-77

Exploitation vector: Remote access

Vulnerable software:
Unified Infrastructure Management

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/windows/nimsoft/nimcontroller_bof

Vulnerability description

The vulnerability allows a remote user to execute arbitrary commands on the system.

The vulnerability exists due to improper ACL handling in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.

The robot versions below 7.97HF8, 9.20HF9 and 9.20SHF9 are affected.

Remediation

Vendor recommends to update to the following solutions to address the vulnerability:

robot_update patches 7.97HF8 (or above), 9.20HF9 (or above), and 9.20SHF9 (or above)

ID:3677 - Exploit for Command Injection in Unified Infrastructure Management - CVE-2020-8010

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human