CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2020-5847: Unraid Remote Code Execution Vulnerability

criticalknown exploitedpublic exploitCVE-2020-5847
Actively exploited. At least one CVE in this advisory is listed in the CISA Known Exploited Vulnerabilities catalog — exploitation has been observed in the wild. Treat remediation as urgent.
Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access.

CSIRTS triage

What
Unraid contains a vulnerability due to insecure use of the extract PHP function.
Who is affected
Users of Unraid are at risk of remote code execution.
Urgency
This critical vulnerability is being exploited, necessitating urgent action.
Action
Update to the latest version of Unraid.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch Unraid

Get an email when a new Unraid advisory drops — max one per day, one-click unsubscribe.

Details

Source
CISA Known Exploited Vulnerabilities (US · database · site)
Severity
critical
Published
2021-11-03
Exploitation
Observed in the wild (CISA KEV)

Original advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-5847

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2020-5847coverage & exploitation statusNVD · CVE.org

More from CISA Known Exploited Vulnerabilities