CVE-2020-9423

LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users, applying tags, etc. This functionality could be abused by an unauthenticated attacker to upload an arbitrary file in a restricted folder. This would lead to the executions of malicious commands with root privileges.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.coresecurity.com/advisories/logicaldoc-virtual-appliance-multiple-vulnerabilities	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:logicaldoc:logicaldoc:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-03-18 22:15

Updated : 2024-02-04 21:00

NVD link : CVE-2020-9423

Mitre link : CVE-2020-9423

CVE.ORG link : CVE-2020-9423

JSON object : View

Products Affected

logicaldoc

logicaldoc

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2020-9423", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-03-18T22:15:12.733", "references": [{"url": "https://www.coresecurity.com/advisories/logicaldoc-virtual-appliance-multiple-vulnerabilities", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users, applying tags, etc. This functionality could be abused by an unauthenticated attacker to upload an arbitrary file in a restricted folder. This would lead to the executions of malicious commands with root privileges."}, {"lang": "es", "value": "LogicalDoc versiones anteriores a 8.3.3, podr\u00eda permitir a un atacante cargar archivos arbitrarios, conllevando a una ejecuci\u00f3n de comandos o recuperaci\u00f3n de datos desde la base de datos. LogicalDoc proporciona una funcionalidad para agregar documentos. Esos documentos podr\u00edan usarse para m\u00faltiples tareas, tales como el control de versiones, compartirse entre los usuarios, aplicar etiquetas, etc. Esta funcionalidad podr\u00eda ser abusada por un atacante no autenticado para cargar un archivo arbitrario en una carpeta restringida. Esto conllevar\u00eda una ejecuci\u00f3n de comandos maliciosos con privilegios root."}], "lastModified": "2020-03-20T19:30:05.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:logicaldoc:logicaldoc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F1A3864-AE31-4FA6-AE3A-B6086D4AFA3A", "versionEndExcluding": "8.3.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}