CVE-2020-8654
Presentation
It is possible to execute arbitrary OS commands as an EON user who has the necessary rights to use the AutoDiscovery module. The 'Target' field isn't checked, so arbitrary commands can be run.
For example, the id command can be run on the system with: ;id #
Exploit
Impacted Version(s)
EON 5.3-0
Fixed Version(s)
Fix
Download the latest EON fixed version.
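The missing check on the 'Target' field can be illustrated with an allow-list validator; this is an added example, not EyesOfNetwork code or its actual patch. The scanner path and function names are hypothetical, and the sample inputs are constructed.

```python
import ipaddress
import re

# Hypothetical scanner path: the page does not name the program the module runs.
SCANNER = "/usr/local/bin/discovery-scanner"

# Characters that can occur in an IP address, a CIDR network or a hostname.
_ALLOWED = re.compile(r"[A-Za-z0-9.:/-]{1,253}")
# Hostname label: letters, digits and inner hyphens, 1 to 63 characters.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def normalize_target(raw):
    """Return the target in canonical form, or raise ValueError."""
    # Allow-list first: ipaddress (Python 3.9+) accepts an IPv6 zone id after
    # '%' without restricting its characters, e.g. "fe80::1%;id #".
    if not isinstance(raw, str) or not _ALLOWED.fullmatch(raw):
        raise ValueError("target contains characters outside the allow-list")
    try:
        # Single addresses become /32 or /128 networks; host bits are cleared.
        return str(ipaddress.ip_network(raw, strict=False))
    except ValueError:
        pass
    labels = raw.rstrip(".").split(".")
    # An all-numeric last label means a malformed IP address, not a hostname.
    if labels[-1].isdigit() or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError("target is not an IP address, CIDR network or hostname")
    return ".".join(labels).lower()


def build_scan_argv(raw_target):
    """Argument vector for subprocess.run(argv), which starts no shell."""
    # Validated targets never begin with '-', so they cannot act as options.
    return [SCANNER, normalize_target(raw_target)]


if __name__ == "__main__":
    # Constructed inputs; ";id #" is the value quoted in the advisory.
    for sample in ["192.168.1.10", "10.0.0.5/24", "srv-01.example.org",
                   ";id #", "127.0.0.1;id #", "fe80::1%;id #", "-oX"]:
        try:
            print(repr(sample), "->", build_scan_argv(sample))
        except ValueError as exc:
            print(repr(sample), "rejected:", exc)
```

Passing the result as an argument list rather than a concatenated command string means no shell ever interprets the value, so validation and execution each block the injection independently.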
Relevant links
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8654
http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html