Remote Command Execution Vulnerability in vBulletin by Internet Brands
CVE-2020-17496
Key Information:
Badges
What is CVE-2020-17496?
vBulletin versions 5.5.4 to 5.6.2 contain a vulnerability that allows attackers to execute arbitrary commands remotely. This issue arises from insufficient fixes for a previously reported vulnerability, CVE-2019-16759, which permits crafted subWidgets data to be sent through an ajax/render/widget_tabbedcontainer_tab_panel request. This flaw can be exploited to achieve unauthorized access to system commands, posing significant risks to the integrity and confidentiality of affected systems.
CISA has reported CVE-2020-17496
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2020-17496 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply updates per vendor instructions.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
94% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π¦
CISA Reported
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved