CVE-2018-20947 - Vulnerability Details

Vendors	Products
Cpanel	Cpanel

Link	Providers
https://documentation.cpanel.net/display/CL/68+Change+Log

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-01T16:15:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20947", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:19:26.351Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20947", "datePublished": "2019-08-01T16:15:28", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:19:26.351Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-08-01T16:15:28 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://documentation.cpanel.net/display/CL/68+Change+Log (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2018-20947 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://documentation.cpanel.net/display/CL/68+Change+Log (string)

refsource : CONFIRM (string)

url : https://documentation.cpanel.net/display/CL/68+Change+Log (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T12:19:26.351Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://documentation.cpanel.net/display/CL/68+Change+Log (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2018-20947 (string)

datePublished : 2019-08-01T16:15:28 (string)

dateReserved : 2019-07-31T00:00:00 (string)

dateUpdated : 2024-08-05T12:19:26.351Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4A4E3F1-3C13-4958-B459-5EDC57CD9C58", "versionEndExcluding": "62.0.39", "versionStartIncluding": "61.9999.55", "vulnerable": true}, {"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "614031BF-1524-4E1C-B6CB-B99944A8145C", "versionEndExcluding": "66.0.35", "versionStartIncluding": "65.9999.38", "vulnerable": true}, {"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "328117AC-A34F-4D57-A697-E1E68C2A92E3", "versionEndExcluding": "68.0.27", "versionStartIncluding": "67.9999.64", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356)."}, {"lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.27, permite determinadas operaciones de escritura de archivo por medio del script telnetcrt (SEC-356)."}], "id": "CVE-2018-20947", "lastModified": "2024-11-21T04:02:32.247", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-01T17:15:12.970", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A4A4E3F1-3C13-4958-B459-5EDC57CD9C58 (string)

versionEndExcluding : 62.0.39 (string)

versionStartIncluding : 61.9999.55 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 614031BF-1524-4E1C-B6CB-B99944A8145C (string)

versionEndExcluding : 66.0.35 (string)

versionStartIncluding : 65.9999.38 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 328117AC-A34F-4D57-A697-E1E68C2A92E3 (string)

versionEndExcluding : 68.0.27 (string)

versionStartIncluding : 67.9999.64 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). (string)

}

1 : { »

lang : es (string)

value : cPanel anterior a versión 68.0.27, permite determinadas operaciones de escritura de archivo por medio del script telnetcrt (SEC-356). (string)

}

]

id : CVE-2018-20947 (string)

lastModified : 2024-11-21T04:02:32.247 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 2.1 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:L/Au:N/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-08-01T17:15:12.970 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://documentation.cpanel.net/display/CL/68+Change+Log (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://documentation.cpanel.net/display/CL/68+Change+Log (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-668 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object