CVE: CVE-2020-11698

Export to Word

An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.83123
Percentile: 0.99196

CVSS Scoring

CVSS v3.1 Score: 9.8

Severity: CRITICAL

Mapped CWE(s)

CWE-77 : Improper Neutralization of Special Elements used in a Command ('Command Injection')

All CAPEC(s)

CAPEC-136: LDAP Injection
CAPEC-15: Command Delimiters
CAPEC-183: IMAP/SMTP Command Injection
CAPEC-248: Command Injection
CAPEC-40: Manipulating Writeable Terminal Devices
CAPEC-43: Exploiting Multiple Input Interpretation Layers
CAPEC-75: Manipulating Writeable Configuration Files
CAPEC-76: Manipulating Web Input to File System Calls

CVE: CVE-2020-11698

Threat-Mapped Scoring

EPSS

CVSS Scoring

Mapped CWE(s)

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products