CVE-2020-5739

Published Apr 14, 2020

Last updated 3 months ago

CVSS high 8.8

Overview

Description: Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is established, the user defined script is executed with root privileges.
Source: vulnreport@tenable.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9
Impact score: 10
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

vulnreport@tenable.com: CWE-94
nvd@nist.gov: CWE-94

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:grandstream:gxp1610_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "718E23DE-61E2-47CE-894B-E3B4EFCB761E",
            "versionEndIncluding": "1.0.4.152"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:grandstream:gxp1610:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D92122D2-AD92-4EC3-81C3-CC58C3E3C287"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:grandstream:gxp1615_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0285B11D-A50B-4650-ADDE-DC1D140AB894",
            "versionEndIncluding": "1.0.4.152"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:grandstream:gxp1615:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "713E836B-E61E-4E74-9026-F6470C9555F1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:grandstream:gxp1620_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12FDA102-F6D4-4F67-A07C-9919FA23BB6E",
            "versionEndIncluding": "1.0.4.152"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:grandstream:gxp1620:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "898FC5BB-6D88-4ED3-95FE-ACFA8D99AAD7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:grandstream:gxp1625_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "427357FB-9EEE-43D8-B683-9BD412A68FC7",
            "versionEndIncluding": "1.0.4.152"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:grandstream:gxp1625:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "280FCCEF-196B-4BD4-B5C2-7DECC224A84C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:grandstream:gxp1628_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C15DDAE-9E8F-4BCB-8650-E70374A2A33F",
            "versionEndIncluding": "1.0.4.152"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:grandstream:gxp1628:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8CDF28C0-982E-4DB8-8F3A-75103F2AF9A4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:grandstream:gxp1630_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D23F0025-3B02-43BD-8778-C91B40424DB1",
            "versionEndIncluding": "1.0.4.152"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:grandstream:gxp1630:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "63FC9463-51FD-493D-B2FD-4E61EC6B98CA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References