CVE-2017-20237
🟠 Łataj w tym tygodniu
Obejście uwierzytelnienia w Hirschmann Industrial HiVision pozwala na zdalne wykonanie kodu.
CVSS
9.8
EPSS
0.0%
Exploit
none
Vendor
Opis źródłowy (NVD)
Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contains an authentication bypass vulnerability in the master service that allows unauthenticated remote attackers to execute arbitrary commands with administrative privileges. Attackers can invoke exposed interface methods over the remote service to bypass authentication and achieve remote code execution on the underlying operating system.
auth-bypass rce
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.0% |
| Opublikowano (NVD) | 2026-04-03 21:17:07 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-07 13:20:55 UTC |
Referencje
- https://assets.belden.com/m/1cb01df62f1f31e3/original/Unauthenticated-Remote-Code-Execution-Security-Bulletin-Hirschmann-BSECV-2017-02.pdf (disclosure@vulncheck.com)
- https://www.vulncheck.com/advisories/hirschmann-industrial-hivision-authentication-bypass-remote-code-execution (disclosure@vulncheck.com)