Vendor: AVCON6 video conferencing system
By: Nassim Asrir
CVSS: 9.8 (HIGH)
Remote root command execution
CWE: 95
Product Name: AVCON6 video conferencing system
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: avcon6
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10(64bit) / 61.0b12 (64-bit)
2018
AVCON6 systems management platform – OGNL – Remote root command execution
The AVCON6 video conferencing system is vulnerable to remote root command execution due to improper input validation. An attacker can exploit this vulnerability by sending a specially crafted payload to the vulnerable server. The payload executes arbitrary commands on the server with root privileges.
Mitigation:
Validate input properly so that malicious payloads are not executed on the server.