← back
CVE-2018-25320

ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution

CVSS 9.3 CRITICALEPSS 0.6%CWE-94
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to establish reverse shells and gain complete system control.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
acl · ACL Analytics
public PoCs found1
cve_referencewww.exploit-db.com/exploits/44281unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.acl.comhttps://www.acl.com/products/acl-analytics/https://www.exploit-db.com/exploits/44281https://www.vulncheck.com/advisories/acl-analytics-11-x-arbitrary-code-execution