Command Injection Vulnerability in Verint S5120FD Network Filtering Management
CVE-2020-24057

8.8HIGH

Key Information:

Vendor: Verint
Status: S5120fd Firmware
Vendor: CVE Published:; 21 August 2020

What is CVE-2020-24057?

The Verint S5120FD management interface is vulnerable due to a flawed CGI endpoint ('ipfilter.cgi'), which is used for managing network filtering. This vulnerability allows authenticated attackers to perform command injection, enabling them to execute arbitrary commands with root privileges. Therefore, it is crucial for users to be aware of this risk and take appropriate measures to secure their devices.

References

https://ioactive.com/verint-ptz-cameras-multiple-vulnerab...

x_refsource_MISC

https://ioac.tv/2Nbc40h

x_refsource_MISC

EPSS Score

21% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 21, 2020
Vulnerability Reserved
Aug 13, 2020

CVE-2020-24057 Data

JSON