← voltar
CVE-2018-25320

ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution

CVSS 9.3 CRITICALEPSS 0.6%CWE-94
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to establish reverse shells and gain complete system control.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
acl · ACL Analytics

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.acl.comhttps://www.acl.com/products/acl-analytics/https://www.exploit-db.com/exploits/44281https://www.vulncheck.com/advisories/acl-analytics-11-x-arbitrary-code-execution