CVE-2020-5849
KEV
🔴 Łataj teraz
Obejście uwierzytelnienia w Unraid 6.8.0 umożliwia nieautoryzowany dostęp do systemu.
CVSS
7.5
EPSS
93.8%
Exploit
weaponized
Vendor
unraid
Opis źródłowy (NVD)
Unraid 6.8.0 allows authentication bypass.
auth-bypass exploit
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 7.5 |
| CISA KEV (aktywnie wykorzystywane) | Tak |
| FIRST EPSS (prawdopodobieństwo exploita) | 93.8% |
| Opublikowano (NVD) | 2020-03-16 18:15:12 UTC |
| Ostatnia modyfikacja (NVD) | 2026-03-17 14:10:26 UTC |
Referencje
- http://packetstormsecurity.com/files/157275/Unraid-6.8.0-Authentication-Bypass-Arbitrary-Code-Execution.html (cve@mitre.org) [Exploit, Third Party Advisory, VDB Entry]
- https://forums.unraid.net/forum/7-announcements/ (cve@mitre.org) [Release Notes, Vendor Advisory]
- https://sysdream.com/news/lab/ (cve@mitre.org) [Third Party Advisory]
- https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/ (cve@mitre.org) [Broken Link, Exploit, Third Party Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-5849 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]