← volver
CVE-2018-25320

ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution

CVSS 9.3 CRITICALEPSS 0.6%CWE-94
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to establish reverse shells and gain complete system control.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
acl · ACL Analytics

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.acl.comhttps://www.acl.com/products/acl-analytics/https://www.exploit-db.com/exploits/44281https://www.vulncheck.com/advisories/acl-analytics-11-x-arbitrary-code-execution