Vulnerabilities > CVE-2020-7209 - Unspecified vulnerability in HP Linuxki
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 11 |
Exploit-Db
id | EDB-ID:48483 |
last seen | 2020-05-18 |
modified | 2020-05-18 |
published | 2020-05-18 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/48483 |
title | HP LinuxKI 6.01 - Remote Command Injection |
Metasploit
description | This module exploits a vulnerability in LinuxKI Toolset <= 6.01 which allows remote code execution. The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in security vulnerability. |
id | MSF:EXPLOIT/LINUX/HTTP/LINUXKI_RCE |
last seen | 2020-06-12 |
modified | 2020-06-09 |
published | 2020-05-29 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/linuxki_rce.rb |
title | LinuxKI Toolset 6.01 Remote Command Execution |
Packetstorm
data source https://packetstormsecurity.com/files/download/158025/linuxki_rce.rb.txt id PACKETSTORM:158025 last seen 2020-06-11 published 2020-06-10 reporter numan turle source https://packetstormsecurity.com/files/158025/LinuxKI-Toolset-6.01-Remote-Command-Execution.html title LinuxKI Toolset 6.01 Remote Command Execution data source https://packetstormsecurity.com/files/download/157739/hplinuxki601-exec.txt id PACKETSTORM:157739 last seen 2020-05-19 published 2020-05-17 reporter Cody Winkler source https://packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html title HP LinuxKI 6.01 Remote Command Injection
References
- http://packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html
- http://packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html
- http://packetstormsecurity.com/files/158025/LinuxKI-Toolset-6.01-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/158025/LinuxKI-Toolset-6.01-Remote-Command-Execution.html
- https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2
- https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2