Vulnerabilities > CVE-2020-7209 - Unspecified vulnerability in HP Linuxki

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

critical

exploit available

metasploit

NVD

Published: 2020-02-13

Updated: 2022-01-01

Summary

LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.

Part	Description	Count
Application	Hp HP Linuxki - HP Linuxki 5.4-1 HP Linuxki 5.4-2 HP Linuxki 5.5-1 HP Linuxki 5.6-1 HP Linuxki 5.7-1 HP Linuxki 5.8-1 HP Linuxki 5.9-1 HP Linuxki 5.10-1 HP Linuxki 5.10-2 HP Linuxki 6.0-1	11

id	EDB-ID:48483
last seen	2020-05-18
modified	2020-05-18
published	2020-05-18
reporter	Exploit-DB
source	https://www.exploit-db.com/download/48483
title	HP LinuxKI 6.01 - Remote Command Injection

description	This module exploits a vulnerability in LinuxKI Toolset <= 6.01 which allows remote code execution. The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in security vulnerability.
id	MSF:EXPLOIT/LINUX/HTTP/LINUXKI_RCE
last seen	2020-06-12
modified	2020-06-09
published	2020-05-29
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7209 https://github.com/HewlettPackard/LinuxKI/commit/10bef483d92a85a13a59ca65a288818e92f80d78
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/linuxki_rce.rb
title	LinuxKI Toolset 6.01 Remote Command Execution

data source	https://packetstormsecurity.com/files/download/158025/linuxki_rce.rb.txt
id	PACKETSTORM:158025
last seen	2020-06-11
published	2020-06-10
reporter	numan turle
source	https://packetstormsecurity.com/files/158025/LinuxKI-Toolset-6.01-Remote-Command-Execution.html
title	LinuxKI Toolset 6.01 Remote Command Execution

data source	https://packetstormsecurity.com/files/download/157739/hplinuxki601-exec.txt
id	PACKETSTORM:157739
last seen	2020-05-19
published	2020-05-17
reporter	Cody Winkler
source	https://packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html
title	HP LinuxKI 6.01 Remote Command Injection