CVE-2020-11847 (GCVE-0-2020-11847)

Vulnerability from cvelistv5 – Published: 2024-08-21 13:38 – Updated: 2024-08-22 13:50
VLAI?
Title
Vulnerability in sshrelay in privileged access manager provides full system access.
Summary
SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.
Severity ?
8.2 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
Vendor Product Version
OpenText Privileged Access Manager Affected: 3.7.0.1 , < < (server)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:opentext:privileged_access_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "privileged_access_manager",
            "vendor": "opentext",
            "versions": [
              {
                "lessThan": "3.7.0.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-11847",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-22T13:47:40.575847Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-22T13:50:29.679Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "Linux",
            "64 bit",
            "32 bit"
          ],
          "product": "Privileged Access Manager",
          "vendor": "OpenText",
          "versions": [
            {
              "lessThan": "\u003c",
              "status": "affected",
              "version": "3.7.0.1",
              "versionType": "server"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. \u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Privileged Access Manager before 3.7.0.1.\u003c/span\u003e"
            }
          ],
          "value": "SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-122",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-122 Privilege Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-21T13:38:44.228Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "OpenText"
      },
      "references": [
        {
          "url": "https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Vulnerability in sshrelay in privileged access manager provides full system access.",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "OpenText",
    "cveId": "CVE-2020-11847",
    "datePublished": "2024-08-21T13:38:44.228Z",
    "dateReserved": "2020-04-16T00:00:00.000Z",
    "dateUpdated": "2024-08-22T13:50:29.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-11847\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2024-08-21T14:15:07.957\",\"lastModified\":\"2024-08-23T17:04:30.110\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.\"},{\"lang\":\"es\",\"value\":\"El usuario autenticado por SSH cuando accede al servidor PAM puede ejecutar un comando del sistema operativo para obtener acceso completo al sistema mediante bash. Este problema afecta a Privileged Access Manager anterior a 3.7.0.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:netiq_privileged_access_manager:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.7\",\"matchCriteriaId\":\"FA2CD967-B489-4A21-8B40-77723EA447CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:netiq_privileged_access_manager:3.7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B555DD5F-DF6C-4A46-9F75-C668D9E48D4E\"}]}]}],\"references\":[{\"url\":\"https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html\",\"source\":\"security@opentext.com\",\"tags\":[\"Release Notes\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-11847\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-22T13:47:40.575847Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:opentext:privileged_access_manager:*:*:*:*:*:*:*:*\"], \"vendor\": \"opentext\", \"product\": \"privileged_access_manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.7.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-22T13:50:12.492Z\"}}], \"cna\": {\"title\": \"Vulnerability in sshrelay in privileged access manager provides full system access.\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-122\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-122 Privilege Abuse\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"OpenText\", \"product\": \"Privileged Access Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.7.0.1\", \"lessThan\": \"\u003c\", \"versionType\": \"server\"}], \"platforms\": [\"Windows\", \"Linux\", \"64 bit\", \"32 bit\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. \u003cspan style=\\\"background-color: var(--wht);\\\"\u003eThis issue affects Privileged Access Manager before 3.7.0.1.\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f81092c5-7f14-476d-80dc-24857f90be84\", \"shortName\": \"OpenText\", \"dateUpdated\": \"2024-08-21T13:38:44.228Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-11847\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-22T13:50:29.679Z\", \"dateReserved\": \"2020-04-16T00:00:00.000Z\", \"assignerOrgId\": \"f81092c5-7f14-476d-80dc-24857f90be84\", \"datePublished\": \"2024-08-21T13:38:44.228Z\", \"assignerShortName\": \"OpenText\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.