CVE-2020-15086
published 2020-07-29CVE-2020-15086: In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism…
PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.72%
84.2th percentile
In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the "mediace" extension for TYPO3.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| friendsoftypo3 | mediace | — | — |
| friendsoftypo3 | mediace | >= 7.6.2 < 7.6.5 | 7.6.5 |
| typo3 | mediace | >= 7.6.2 < 7.6.5 | 7.6.5 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
ghsa8.1HIGH
osv8.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Potential Remote Code Execution in TYPO3 with mediace extension
osv·2020-07-29·CVSS 8.1
CVE-2020-15086 [HIGH] Potential Remote Code Execution in TYPO3 with mediace extension
Potential Remote Code Execution in TYPO3 with mediace extension
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (9.1)
> * CWE-325, CWE-20, CWE-200, CWE-502
### Problem
It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below.
* [TYPO3-CORE-SA-2020-007](https://typo3.org/security/advisory/typo3-core-sa-2020-007), [CVE-2020-15099](https://nvd.nist.gov/vuln/detail/CVE-2020-15099): Potential Privilege Escalation
+ the database server used for a TYPO3 installation must be accessible for an attacker (either via internet or shared hosting network)
+
GHSA
Potential Remote Code Execution in TYPO3 with mediace extension
ghsa·2020-07-29·CVSS 8.1
CVE-2020-15086 [HIGH] CWE-20 Potential Remote Code Execution in TYPO3 with mediace extension
Potential Remote Code Execution in TYPO3 with mediace extension
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (9.1)
> * CWE-325, CWE-20, CWE-200, CWE-502
### Problem
It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below.
* [TYPO3-CORE-SA-2020-007](https://typo3.org/security/advisory/typo3-core-sa-2020-007), [CVE-2020-15099](https://nvd.nist.gov/vuln/detail/CVE-2020-15099): Potential Privilege Escalation
+ the database server used for a TYPO3 installation must be accessible for an attacker (either via internet or shared hosting network)
+
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75https://github.com/FriendsOfTYPO3/mediace/pull/31https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548ghttps://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75https://github.com/FriendsOfTYPO3/mediace/pull/31https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g
2020-07-29
Published