Vulnerabilities > CVE-2020-10786 - Incorrect Authorization vulnerability in Vestacp Vesta Control Panel

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

vestacp

CWE-863

NVD

Published: 2020-04-21

Updated: 2021-07-21

Summary

A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs.

Vulnerable Configurations

Part	Description	Count
Application	Vestacp Vestacp Vesta Control Panel 0.9.7-0 Vestacp Vesta Control Panel 0.9.7-13 Vestacp Vesta Control Panel 0.9.7-14 Vestacp Vesta Control Panel 0.9.7-15 Vestacp Vesta Control Panel 0.9.7-16 Vestacp Vesta Control Panel 0.9.7-17 Vestacp Vesta Control Panel 0.9.7-18 Vestacp Vesta Control Panel 0.9.7-19 Vestacp Vesta Control Panel 0.9.7-20 Vestacp Vesta Control Panel 0.9.7-21 Vestacp Vesta Control Panel 0.9.7-22 Vestacp Vesta Control Panel 0.9.8-1 Vestacp Vesta Control Panel 0.9.8-2 Vestacp Vesta Control Panel 0.9.8-3 Vestacp Vesta Control Panel 0.9.8-4 Vestacp Vesta Control Panel 0.9.8-5 Vestacp Vesta Control Panel 0.9.8-6 Vestacp Vesta Control Panel 0.9.8-7 Vestacp Vesta Control Panel 0.9.8-8 Vestacp Vesta Control Panel 0.9.8-9 Vestacp Vesta Control Panel 0.9.8-10 Vestacp Vesta Control Panel 0.9.8-11 Vestacp Vesta Control Panel 0.9.8-12 Vestacp Vesta Control Panel 0.9.8-13 Vestacp Vesta Control Panel 0.9.8-14 Vestacp Vesta Control Panel 0.9.8-15 Vestacp Vesta Control Panel 0.9.8-16 Vestacp Vesta Control Panel 0.9.8-17 Vestacp Vesta Control Panel 0.9.8-18 Vestacp Vesta Control Panel 0.9.8-19 Vestacp Vesta Control Panel 0.9.8-20 Vestacp Vesta Control Panel 0.9.8-21 Vestacp Vesta Control Panel 0.9.8-22 Vestacp Vesta Control Panel 0.9.8-23 Vestacp Vesta Control Panel 0.9.8-24	35

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://gitlab.com/snippets/1954764