Unknown
CVE-2020-35847
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2020-35847
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
Add Assessment
Technical Analysis
Similar to CVE-2020-35846, this is a noSQL injection using the var_dump function to dump all memory for the password reset tokens. The vulnerability is within the /auth/requestreset When combined with CVE-2020-35846, its possible to dump all users and their password reset tokens. With this, a successful password reset of the admin user is possible. Once logged in, using the /accounts/find API, a command injection vulnerability is achieved although there was no CVE assigned to this.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportCVSS V3 Severity and Metrics
General Information
Vendors
- agentejo
Products
- cockpit
References
Miscellaneous
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
