AirControl 1.4.2 - PreAuth Remote Code Execution
Platform: java
Component: aircontrol
Fixed in: 1.4.3
CVE-2020-37052 describes a critical pre-authentication Remote Code Execution (RCE) vulnerability present in Rohos AirControl versions up to 1.4.2. This flaw allows an attacker to execute arbitrary system commands on the server without requiring authentication. Exploitation occurs through the /.seam endpoint by injecting malicious Java expressions, granting the attacker system-level privileges. A patch is available to address this vulnerability.
Impact and attack scenarios
The impact of CVE-2020-37052 is severe. A successful exploit allows an unauthenticated attacker to gain complete control over the Rohos AirControl server. This can lead to data breaches, system compromise, and potential lateral movement within the network. Attackers could install malware, steal sensitive information, or disrupt services. The lack of authentication required for exploitation significantly broadens the attack surface, making this vulnerability particularly dangerous. The ability to execute arbitrary commands with system privileges grants the attacker the highest level of access, enabling them to perform virtually any action on the compromised system.
Exploitation context
CVE-2020-37052 is a highly concerning vulnerability due to its ease of exploitation and critical impact. Public proof-of-concept (PoC) code is likely to emerge given the vulnerability's nature. While no active exploitation campaigns have been definitively confirmed, the severity and simplicity of exploitation suggest a high probability of exploitation. The vulnerability was publicly disclosed on 2026-01-30. It is recommended to prioritize remediation efforts.
Who is at risk
Organizations utilizing Rohos AirControl for secure file transfer and remote access are at significant risk. This includes businesses relying on AirControl for internal data sharing and those providing remote access to clients or partners. Environments with limited security controls or those lacking robust WAF configurations are particularly vulnerable.
Detection steps
• java / server:
find / -name "*.jar" -exec grep -i '\.seam' {} \;
• java / server:
ps aux | grep -i '[/]\.seam'
• generic web: Use a WAF or proxy to monitor and block requests to the /.seam endpoint, especially those containing unusual characters or patterns indicative of Java expression injection.
Threat intelligence
EPSS: 0.18% (40th percentile)
CVSS vector
- Attack Vector: Network. Remotely exploitable over the internet; no physical or local access required.
- Attack Complexity: Low. No special conditions; reliably exploitable.
- Privileges Required: None. Exploitable without authentication.
- User Interaction: None. Automated, silent attack; the victim does nothing.
- Scope: Unchanged. Impact is limited to the vulnerable component.
- Confidentiality: High. Total loss of confidentiality; the attacker can read all data.
- Integrity: High. The attacker can write, modify or delete any data.
- Availability: High. Complete crash or resource exhaustion; total denial of service.
Mitigation and workarounds
The primary mitigation for CVE-2020-37052 is to upgrade Rohos AirControl to a patched version. Rohos has released updates to address this vulnerability; consult their official advisory for the latest version. If immediate patching is not possible, consider implementing temporary workarounds such as restricting access to the /.seam endpoint through a Web Application Firewall (WAF) or proxy server. Carefully review and restrict Java execution permissions within the AirControl environment. Monitor system logs for suspicious activity related to the /.seam endpoint, looking for unusual Java execution patterns. After upgrading, confirm the vulnerability is resolved by attempting to access the /.seam endpoint with a crafted Java expression; it should be rejected.
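One way to carry out the log monitoring described above, as an added example that is not from the vendor or the original page: it flags access-log requests to `.seam` paths whose decoded URL contains an expression-language delimiter. The log format, the `#{` / `${` markers and the sample entries are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Request part of a common/combined access-log entry (assumed log format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Expression-language delimiters "#{" and "${" (assumed injection marker).
EL_RE = re.compile(r'[#$]\{')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded delimiters are still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(line):
    """Return (ip, verdict, status, target) for a .seam request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    target = m.group("target")
    # Drop ";jsessionid=..." style path parameters before testing the suffix.
    path = fully_decode(urlsplit(target).path).split(";")[0].lower()
    if not path.endswith(".seam"):
        return None
    # Search the whole decoded target: path parameters and query both count.
    verdict = "seam-expression" if EL_RE.search(fully_decode(target)) else "seam-access"
    return m.group("ip"), verdict, int(m.group("status")), target


def scan(lines):
    """Classify every line and keep only the .seam requests."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample entries: documentation IPs, harmless arithmetic expression.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2026:10:00:01 +0000] "GET /home.seam;jsessionid=0A1B2C HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Feb/2026:10:00:02 +0000] "GET /.seam?x=%23%7B1%2B1%7D HTTP/1.1" 500 310',
    '198.51.100.7 - - [01/Feb/2026:10:00:03 +0000] "GET /.seam?x=%2523%257B1%252B1%257D HTTP/1.1" 500 310',
    '203.0.113.5 - - [01/Feb/2026:10:00:04 +0000] "GET /index.html?q=%23%7Ba%7D HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, verdict, status, target in scan(SAMPLE_LOG):
        print(f"{verdict:16} {status} {ip:15} {target}")
```

A `seam-expression` verdict on an unpatched server warrants checking the host itself, since the request alone does not show whether the expression was evaluated.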
How to fix
Upgrade AirControl to a version later than 1.4.2 to fix the remote code execution vulnerability. See the vendor's website (Ubiquiti) for the latest version and upgrade instructions.
Frequently asked questions
What is CVE-2020-37052 — Remote Code Execution in Rohos AirControl?
CVE-2020-37052 is a critical RCE vulnerability in Rohos AirControl versions up to 1.4.2, allowing unauthenticated attackers to execute commands.
Am I affected by CVE-2020-37052 in Rohos AirControl?
You are affected if you are running Rohos AirControl version 1.4.2 or earlier. Upgrade immediately to a patched version.
How do I fix CVE-2020-37052 in Rohos AirControl?
Upgrade to the latest patched version of Rohos AirControl. Consult the official Rohos advisory for details.
Is CVE-2020-37052 being actively exploited?
While no confirmed active exploitation campaigns are publicly known, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation.
Where can I find the official Rohos advisory for CVE-2020-37052?
Refer to the Rohos Security website and their official security advisories for the latest information and patch details.