Cayin CMS Command Injection
CVE-2020-7357

9.6CRITICAL

Key Information:

Vendor

Cayin Technology

Status
Cayin Cms-se
Cayin Cms-60
Cayin Cms-40
Cayin Cms-20
Vendor
CVE Published:
6 August 2020

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 78%

What is CVE-2020-7357?

Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5.

Affected Version(s)

Cayin CMS 8.2 Build 12199

Cayin CMS 8.0 Build 11175

Cayin CMS 7.5 Build 11175

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2020-7357
Created by Rapid7

References

https://github.com/rapid7/metasploit-framework/pull/13607
x_refsource_MISC
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-55...
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/182925
vendor-advisoryx_refsource_IBM

EPSS Score

78% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability Reserved

Credit

This issue was discovered by Gjoko Krstic of Zero Science Lab.
JSON
.
CVE-2020-7357 : Cayin CMS Command Injection