Remote Code Execution Vulnerability in Pi-hole Web Interface by Pi-hole
CVE-2020-8816
Key Information:
Badges
What is CVE-2020-8816?
Pi-hole Web v4.3.2, also known as AdminLTE, presents a security flaw that enables Remote Code Execution (RCE) for users with dashboard privileges. This vulnerability arises through a crafted DHCP static lease, which malicious users could exploit to execute arbitrary commands on the server. It highlights the importance of monitoring user privileges and updating to more secure versions to mitigate the risks associated with such vulnerabilities.
CISA has reported CVE-2020-8816
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2020-8816 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply updates per vendor instructions.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
91% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🦅
CISA Reported
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved