Security Advisory | Command Execution Vulnerability in ABE Service
Original release date: 2021-03-24
CVE ID
CVE-2020-12487
CVSS 3.1 Base Score
7.0 High (AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)
Description
Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege.
Software Versions and Fixes
- Software Affected Version Fixed Version
- ABE service Versions earlier than 4.4.0.9 Upgrade to 4.4.0.9 or later
Temporary Fix
NA
Obtaining Fixed Software
The vulnerability can be fixed by performing system updates.
Source
weiwei,caimo
Update Records
2021-3-24 V1.0 INITIAL
FAQs
NA
vivo Security Procedures
vivo is committed to providing users with best cyber security products and services, and follows the industrial best practice to handle and publish vunerability information.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.