Kentico.CMS.Staging.SyncServer.Remote.Command.Execution

description-logoDescription

This indicates an attack attempt to exploit an Remote Command Injection vulnerability in Kentico.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. An remote attacker may be able to exploit this to execute arbitrary command within the context of the application.

affected-products-logoAffected Products

Kentico version 12.0.x before version 12.0.15
Kentico version 11.0.x before version 11.0.48
Kentico version 10.0.x before version 10.0.52

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Applied latest upgrade or patch from the vendor:
https://devnet.kentico.com/download/hotfixes#securityBugs-v12

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-06-01 15.854 Default_action:pass:drop
2020-05-20 15.847