CVE-2020-5849
In short
Unraid version 6.8.0 has a flaw that allows someone to bypass the authentication system and gain unauthorized access to the system without needing valid credentials.
Technical detail
CVE-2020-5849 affects Unraid 6.8.0 with an authentication bypass vulnerability (CWE-697: Incorrect Comparison). The vulnerability permits attackers to circumvent authentication mechanisms and gain unauthorized access to the system. Successful exploitation requires network access to the affected Unraid instance and results in complete compromise of system access controls.
Summary generated and translated by AI from the official description.
Unraid 6.8.0 allows authentication bypass.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a
Public PoCs found — 2
cve_reference · packetstormsecurity.com/files/157275/Unraid-6.8.0-Authentication-Bypass-Arbitrary-Code-Execution.html · unverified
exploitdb · www.exploit-db.com/exploits/48353 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/157275/Unraid-6.8.0-Authentication-Bypass-Arbitrary-Code-Execution.html
https://forums.unraid.net/forum/7-announcements/
https://sysdream.com/news/lab/
https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-5849