ID

VAR-202102-0254


CVE

CVE-2020-21224


TITLE

Argument insertion or modification vulnerability in Inspur ClusterEngine

Trust: 0.8

sources: JVNDB: JVNDB-2020-016165

DESCRIPTION

A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server. Inspur ClusterEngine is vulnerable to the insertion or modification of arguments. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Inspur ClusterEngine is application software from the Chinese company Inspur. Provides jobs submitted by the software and hardware in the management cluster system

Trust: 1.8

sources: NVD: CVE-2020-21224 // JVNDB: JVNDB-2020-016165 // VULHUB: VHN-174781 // VULMON: CVE-2020-21224

AFFECTED PRODUCTS

vendor: inspur, model: clusterengine, scope: eq, version: 4.0

Trust: 1.8

vendor: inspur, model: clusterengine, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-016165 // NVD: CVE-2020-21224

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-21224
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-21224
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202102-1465
value: CRITICAL

Trust: 0.6

VULHUB: VHN-174781
value: HIGH

Trust: 0.1

VULMON: CVE-2020-21224
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-21224
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-174781
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2020-21224
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-21224
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-174781 // VULMON: CVE-2020-21224 // JVNDB: JVNDB-2020-016165 // CNNVD: CNNVD-202102-1465 // NVD: CVE-2020-21224

PROBLEMTYPE DATA

problemtype: CWE-88

Trust: 1.1

problemtype: Insert or change arguments (CWE-88) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-174781 // JVNDB: JVNDB-2020-016165 // NVD: CVE-2020-21224

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-1465

TYPE

parameter injection

Trust: 0.6

sources: CNNVD: CNNVD-202102-1465

PATCH

title: ClusterEngine, url: https://en.inspur.com/en/2402530/2402532/2402583/2404702/2411005/index.html

Trust: 0.8

title: Inspur ClusterEngine Repair measures for parameter injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=143032

Trust: 0.6

title: Inspur, url: https://github.com/NS-Sp4ce/Inspur

Trust: 0.1

title: Goby_POC, url: https://github.com/H4ckTh3W0r1d/Goby_POC

Trust: 0.1

title: kenzer-templates, url: https://github.com/Elsfa7-110/kenzer-templates

Trust: 0.1

title: kenzer-templates, url: https://github.com/ARPSyndicate/kenzer-templates

Trust: 0.1

sources: VULMON: CVE-2020-21224 // JVNDB: JVNDB-2020-016165 // CNNVD: CNNVD-202102-1465

EXTERNAL IDS

db: NVD, id: CVE-2020-21224

Trust: 2.6

db: JVNDB, id: JVNDB-2020-016165

Trust: 0.8

db: CNNVD, id: CNNVD-202102-1465

Trust: 0.7

db: VULHUB, id: VHN-174781

Trust: 0.1

db: VULMON, id: CVE-2020-21224

Trust: 0.1

sources: VULHUB: VHN-174781 // VULMON: CVE-2020-21224 // JVNDB: JVNDB-2020-016165 // CNNVD: CNNVD-202102-1465 // NVD: CVE-2020-21224

REFERENCES

url: https://github.com/ns-sp4ce/inspur/

Trust: 2.6

url: https://github.com/ns-sp4ce/inspur/tree/master/clusterenginev4.0%20vul

Trust: 2.6

url: https://nvd.nist.gov/vuln/detail/cve-2020-21224

Trust: 1.4

url: https://cwe.mitre.org/data/definitions/88.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://github.com/ns-sp4ce/inspur

Trust: 0.1

sources: VULHUB: VHN-174781 // VULMON: CVE-2020-21224 // JVNDB: JVNDB-2020-016165 // CNNVD: CNNVD-202102-1465 // NVD: CVE-2020-21224

SOURCES

db: VULHUB, id: VHN-174781
db: VULMON, id: CVE-2020-21224
db: JVNDB, id: JVNDB-2020-016165
db: CNNVD, id: CNNVD-202102-1465
db: NVD, id: CVE-2020-21224

LAST UPDATE DATE

2024-11-23T23:11:08.734000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-174781, date: 2021-02-26T00:00:00
db: VULMON, id: CVE-2020-21224, date: 2021-02-26T00:00:00
db: JVNDB, id: JVNDB-2020-016165, date: 2021-11-11T08:53:00
db: CNNVD, id: CNNVD-202102-1465, date: 2021-03-02T00:00:00
db: NVD, id: CVE-2020-21224, date: 2024-11-21T05:12:29.270

SOURCES RELEASE DATE

db: VULHUB, id: VHN-174781, date: 2021-02-22T00:00:00
db: VULMON, id: CVE-2020-21224, date: 2021-02-22T00:00:00
db: JVNDB, id: JVNDB-2020-016165, date: 2021-11-11T00:00:00
db: CNNVD, id: CNNVD-202102-1465, date: 2021-02-22T00:00:00
db: NVD, id: CVE-2020-21224, date: 2021-02-22T15:15:12.240