What is CVE-2020-13167?

CVE-2020-13167 is a vulnerability in N/a. Published 2020-05-19.

Is CVE-2020-13167 known to be exploited?

12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-13167

Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.

EPSS: 0.935 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
Elsfa7-110/kenzer-templates
HimmelAward/Goby_
NyxAzrael/Goby_
Z0fhack/Goby_
d4n-sec/d4n-sec.github.io
merlinepedra/nuclei-templates

References

ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-13167?: CVE-2020-13167 is a vulnerability in N/a. Published 2020-05-19.
Is CVE-2020-13167 known to be exploited?: 12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.