Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2020-14971 | First vendor Publication | 2020-06-23 |
Vendor | Cve | Last vendor Modification | 2021-07-21 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 7.8 | ||
Base Score | 7.8 | Environmental Score | 7.8 |
impact SubScore | 5.9 | Temporal Score | 7.8 |
Exploitabality Sub Score | 1.8 | ||
Attack Vector | Local | Attack Complexity | Low |
Privileges Required | Low | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.6 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. This occurs in settings.php. To exploit this, an attacker would request a backup of limited files via teleporter.php. These are placed into a .tar.gz archive. The attacker then modifies the host parameter in dnsmasq.d files, and then compresses and uploads these files again. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14971 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-08-05 01:37:18 |
|
2021-07-21 17:23:44 |
|
2021-05-05 01:37:57 |
|
2021-05-04 13:45:32 |
|
2021-04-22 02:57:34 |
|
2021-03-27 01:33:25 |
|
2020-08-06 01:26:13 |
|
2020-07-06 17:22:41 |
|
2020-06-24 17:22:44 |
|
2020-06-23 21:23:03 |
|