CVE-2020-11847
Global infos:
SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.
CVE Status: Analyzed
References:
Metrics:
| Attribute | Value |
|---|---|
| Attack Complexity | LOW |
| Attack Vector | LOCAL |
| Availability Impact | HIGH |
| Base Score | 8.2 |
| Base Severity | HIGH |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Privileges Required | LOW |
| Scope | CHANGED |
| User Interaction | REQUIRED |
| Vector String | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
| Exploitability Score | 1.5 |
| Impact Score | 6 |
| Source | [email protected] |
| Type | Secondary |