{"containers":{"cna":{"affected":[{"product":"Network Management System","vendor":"SevOne","versions":[{"status":"affected","version":"5.7.2.0"},{"status":"affected","version":"5.7.2.1"},{"status":"affected","version":"5.7.2.2"},{"status":"affected","version":"5.7.2.3"},{"status":"affected","version":"5.7.2.4"},{"status":"affected","version":"5.7.2.5"},{"status":"affected","version":"5.7.2.6"},{"status":"affected","version":"5.7.2.7"},{"status":"affected","version":"5.7.2.8"},{"status":"affected","version":"5.7.2.9"},{"status":"affected","version":"5.7.2.10"},{"status":"affected","version":"5.7.2.11"},{"status":"affected","version":"5.7.2.12"},{"status":"affected","version":"5.7.2.13"},{"status":"affected","version":"5.7.2.14"},{"status":"affected","version":"5.7.2.15"},{"status":"affected","version":"5.7.2.16"},{"status":"affected","version":"5.7.2.17"},{"status":"affected","version":"5.7.2.18"},{"status":"affected","version":"5.7.2.19"},{"status":"affected","version":"5.7.2.20"},{"status":"affected","version":"5.7.2.21"},{"status":"affected","version":"5.7.2.22"}]}],"credits":[{"lang":"en","value":"Calvin Phang"}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-77","description":"CWE-77 Command Injection","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-06-03T19:10:38.000Z","orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB"},"references":[{"tags":["x_refsource_MISC"],"url":"http://seclists.org/fulldisclosure/2020/Oct/5"},{"tags":["x_refsource_MISC"],"url":"https://vuldb.com/?id.162261"}],"title":"SevOne Network Management System Traceroute traceroute.php command injection","x_generator":"vuldb.com","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cna@vuldb.com","ID":"CVE-2020-36529","REQUESTER":"cna@vuldb.com","STATE":"PUBLIC","TITLE":"SevOne Network Management System Traceroute traceroute.php command injection"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Network Management System","version":{"version_data":[{"version_value":"5.7.2.0"},{"version_value":"5.7.2.1"},{"version_value":"5.7.2.2"},{"version_value":"5.7.2.3"},{"version_value":"5.7.2.4"},{"version_value":"5.7.2.5"},{"version_value":"5.7.2.6"},{"version_value":"5.7.2.7"},{"version_value":"5.7.2.8"},{"version_value":"5.7.2.9"},{"version_value":"5.7.2.10"},{"version_value":"5.7.2.11"},{"version_value":"5.7.2.12"},{"version_value":"5.7.2.13"},{"version_value":"5.7.2.14"},{"version_value":"5.7.2.15"},{"version_value":"5.7.2.16"},{"version_value":"5.7.2.17"},{"version_value":"5.7.2.18"},{"version_value":"5.7.2.19"},{"version_value":"5.7.2.20"},{"version_value":"5.7.2.21"},{"version_value":"5.7.2.22"}]}}]},"vendor_name":"SevOne"}]}},"credit":"Calvin Phang","data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely."}]},"generator":"vuldb.com","impact":{"cvss":{"baseScore":"8.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-77 Command Injection"}]}]},"references":{"reference_data":[{"name":"http://seclists.org/fulldisclosure/2020/Oct/5","refsource":"MISC","url":"http://seclists.org/fulldisclosure/2020/Oct/5"},{"name":"https://vuldb.com/?id.162261","refsource":"MISC","url":"https://vuldb.com/?id.162261"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T17:30:08.297Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://seclists.org/fulldisclosure/2020/Oct/5"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://vuldb.com/?id.162261"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-04-14T16:55:38.268250Z","id":"CVE-2020-36529","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-15T14:36:27.615Z"}}]},"cveMetadata":{"assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","assignerShortName":"VulDB","cveId":"CVE-2020-36529","datePublished":"2022-06-03T19:10:38.000Z","dateReserved":"2022-06-03T00:00:00.000Z","dateUpdated":"2025-04-15T14:36:27.615Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}