Vulnerabilities > CVE-2020-10787 - Unspecified vulnerability in Vestacp Vesta Control Panel

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

vestacp

NVD

Published: 2020-04-21

Updated: 2021-07-21

Summary

An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change script).

Vulnerable Configurations

Part	Description	Count
Application	Vestacp Vestacp Vesta Control Panel 0.9.7-0 Vestacp Vesta Control Panel 0.9.7-13 Vestacp Vesta Control Panel 0.9.7-14 Vestacp Vesta Control Panel 0.9.7-15 Vestacp Vesta Control Panel 0.9.7-16 Vestacp Vesta Control Panel 0.9.7-17 Vestacp Vesta Control Panel 0.9.7-18 Vestacp Vesta Control Panel 0.9.7-19 Vestacp Vesta Control Panel 0.9.7-20 Vestacp Vesta Control Panel 0.9.7-21 Vestacp Vesta Control Panel 0.9.7-22 Vestacp Vesta Control Panel 0.9.8-1 Vestacp Vesta Control Panel 0.9.8-2 Vestacp Vesta Control Panel 0.9.8-3 Vestacp Vesta Control Panel 0.9.8-4 Vestacp Vesta Control Panel 0.9.8-5 Vestacp Vesta Control Panel 0.9.8-6 Vestacp Vesta Control Panel 0.9.8-7 Vestacp Vesta Control Panel 0.9.8-8 Vestacp Vesta Control Panel 0.9.8-9 Vestacp Vesta Control Panel 0.9.8-10 Vestacp Vesta Control Panel 0.9.8-11 Vestacp Vesta Control Panel 0.9.8-12 Vestacp Vesta Control Panel 0.9.8-13 Vestacp Vesta Control Panel 0.9.8-14 Vestacp Vesta Control Panel 0.9.8-15 Vestacp Vesta Control Panel 0.9.8-16 Vestacp Vesta Control Panel 0.9.8-17 Vestacp Vesta Control Panel 0.9.8-18 Vestacp Vesta Control Panel 0.9.8-19 Vestacp Vesta Control Panel 0.9.8-20 Vestacp Vesta Control Panel 0.9.8-21 Vestacp Vesta Control Panel 0.9.8-22 Vestacp Vesta Control Panel 0.9.8-23 Vestacp Vesta Control Panel 0.9.8-24	35

References

https://gitlab.com/snippets/1954764