Vulnerability-Lookup

CNVD-2020-25973

Vulnerability from cnvd - Published: 2020-04-30

Title

Grandstream GXP1600代码注入漏洞

Description

Grandstream GXP1600是美国潮流网络（Grandstream）公司的一款IP电话产品。使用1.0.4.152及之前版本固件的Grandstream GXP1600系列中存在代码注入漏洞。攻击者可借助‘Additional Settings’字段利用该漏洞向配置文件中添加任意的OpenVPN配置设置，以root权限执行代码。

Severity

高

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法：

http://www.grandstream.com/

Impacted products

Name
Grandstream GXP1600 <=1.0.4.152

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-5739"
    }
  },
  "description": "Grandstream GXP1600\u662f\u7f8e\u56fd\u6f6e\u6d41\u7f51\u7edc\uff08Grandstream\uff09\u516c\u53f8\u7684\u4e00\u6b3eIP\u7535\u8bdd\u4ea7\u54c1\u3002\n\n\u4f7f\u75281.0.4.152\u53ca\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684Grandstream GXP1600\u7cfb\u5217\u4e2d\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u2018Additional Settings\u2019\u5b57\u6bb5\u5229\u7528\u8be5\u6f0f\u6d1e\u5411\u914d\u7f6e\u6587\u4ef6\u4e2d\u6dfb\u52a0\u4efb\u610f\u7684OpenVPN\u914d\u7f6e\u8bbe\u7f6e\uff0c\u4ee5root\u6743\u9650\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\n\r\nhttp://www.grandstream.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-25973",
  "openTime": "2020-04-30",
  "products": {
    "product": "Grandstream GXP1600 \u003c=1.0.4.152"
  },
  "serverity": "\u9ad8",
  "submitTime": "2020-04-15",
  "title": "Grandstream GXP1600\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2020-5739 (GCVE-0-2020-5739)

Vulnerability from cvelistv5 – Published: 2020-04-14 13:48 – Updated: 2024-08-04 08:39

Summary

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is established, the user defined script is executed with root privileges.

Severity ?

No CVSS data available.

CWE

CWE-94

Assigner

tenable

References

URL

Tags

https://www.tenable.com/security/research/tra-2020-22

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Grandstream GXP1600 Series	Affected: 1.0.4.152 and below

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:39:25.705Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2020-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Grandstream GXP1600 Series",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.4.152 and below"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone\u0027s VPN settings via the \"Additional Settings\" field in the web interface. When the VPN\u0027s connection is established, the user defined script is executed with root privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-14T13:48:50",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2020-22"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnreport@tenable.com",
          "ID": "CVE-2020-5739",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Grandstream GXP1600 Series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.0.4.152 and below"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone\u0027s VPN settings via the \"Additional Settings\" field in the web interface. When the VPN\u0027s connection is established, the user defined script is executed with root privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tenable.com/security/research/tra-2020-22",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/research/tra-2020-22"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2020-5739",
    "datePublished": "2020-04-14T13:48:50",
    "dateReserved": "2020-01-06T00:00:00",
    "dateUpdated": "2024-08-04T08:39:25.705Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-25973

CVE-2020-5739 (GCVE-0-2020-5739)

Tags

Sightings

Nomenclature