CVE-2020-5847
In short
Unraid versions up to 6.8.0 have a critical flaw that allows attackers to run malicious code remotely on the system without any authentication. This means someone from the internet could take complete control of your Unraid server.
Technical detail
CVE-2020-5847 is a remote code execution vulnerability in Unraid ≤6.8.0 that permits unauthenticated remote attackers to execute arbitrary code on the affected system. The vulnerability requires network access but no prior authentication or user interaction, resulting in complete system compromise.
Summary generated and translated by AI from the official description.
Unraid through 6.8.0 allows Remote Code Execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found — 2
cve_reference: packetstormsecurity.com/files/157275/Unraid-6.8.0-Authentication-Bypass-Arbitrary-Code-Execution.html (unverified)
exploitdb: www.exploit-db.com/exploits/48353 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/157275/Unraid-6.8.0-Authentication-Bypass-Arbitrary-Code-Execution.html
https://forums.unraid.net/forum/7-announcements/
https://sysdream.com/news/lab/
https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-5847