VDB
CVE-2020-14947
CVE-2020-14947
PUBLISHED
OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid.
EPSS 74.71% · 98.9th percentile
Risk Scores
EPSS Score
74.71%
98.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | ocsinventory-server | 2.1.2-1, 2.1.2-1ubuntu1, 0 |
| Ubuntu:18.04:LTS | ocsinventory-server | 0, 2.2+dfsg-0.1 |
| Ubuntu:24.04:LTS | ocsinventory-server | *, 0 |
| Ubuntu:25.10 | ocsinventory-server | 2.8.1+dfsg1+~2.11.1-1, 0 |
| Ubuntu:22.04:LTS | ocsinventory-server | 0, 2.8.1+dfsg1-1ubuntu0.1, 2.8.1+dfsg1-1 |
| Ubuntu:20.04:LTS | ocsinventory-server | 2.5+dfsg1-1ubuntu0.1, 0, 2.5+dfsg1-1 |
Exploit Intelligence
- The official exploit for OCS Inventory NG v2.7 Remote Command Execution CVE-2020-14947 (github-poc)
- The official exploit for OCS Inventory NG v2.7 Remote Command Execution CVE-2020-14947 (github-poc)
- The official exploit for OCS Inventory NG v2.7 Remote Command Execution CVE-2020-14947 (github-poc)
- The official exploit for OCS Inventory NG v2.7 Remote Command Execution CVE-2020-14947 (github-poc)
- The official exploit for OCS Inventory NG v2.7 Remote Command Execution CVE-2020-14947 (github-poc)
- http://packetstormsecurity.com/files/158293/OCS-Inventory-NG-2.7-Remote-Code-Execution.html (nist-nvd)
- https://drive.google.com/file/d/1-LVfL5ui5m2QfQxr0fDopzSECd4fTNrQ/view?usp=sharing (nist-nvd)
- https://gist.github.com/mhaskar/233436d3096d4a7beafe36ff61dc2c73 (nist-nvd)
- https://shells.systems/ocs-inventory-ng-v2-7-remote-command-execution-cve-2020-14947/ (nist-nvd)
- https://github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/da72e0fddaeceee44fbbd7241e07e5d53d1eee64 (circl)
…and 2 more exploits
Timeline
- Jun 30, 2020 CVE Published
- Jul 2, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 16, 2023 EPSS Score
- May 8, 2023 EPSS Score
- May 9, 2023 EPSS Score
- May 23, 2023 EPSS Score
- Aug 3, 2023 EPSS Score
- Nov 3, 2023 EPSS Score
- Feb 12, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-14947 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-14947 third-party-advisory