CVE-2020-14293

7.5 HIGH

📋 TL;DR

CVE-2020-14293 is an OS command injection vulnerability in Secudos DOMOS 5.8 that allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field of the web interface's datetime configuration. This affects organizations using DOMOS 5.8 for file transfer solutions, potentially compromising entire systems.

💻 Affected Systems

Products:
  • Secudos DOMOS
Versions: 5.8 and earlier
Operating Systems: Linux-based systems running DOMOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the web interface's datetime configuration functionality

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with root-level access, data exfiltration, lateral movement, and persistent backdoor installation

🟠 Likely Case

Remote code execution leading to data theft, system manipulation, and potential ransomware deployment

🟢 If Mitigated

Limited impact with proper network segmentation and access controls, but still significant risk due to root privileges

🌐 Internet-Facing: HIGH - Web interface accessible from internet allows remote exploitation without authentication
🏢 Internal Only: HIGH - Even internally, the vulnerability provides root access to attackers who reach the interface

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code available on GitHub, simple injection via web form field

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: DOMOS 5.9

Vendor Advisory: https://www.secudos.de/en/news-en/domos-release-5-9

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Download DOMOS 5.9 from the vendor portal.
3. Apply the update following the vendor documentation.
4. Restart DOMOS services.
5. Verify functionality.

🔧 Temporary Workarounds

Network Access Restriction

Platform: linux

Restrict access to the DOMOS web interface to trusted IP addresses only. Note that -A appends, so an earlier ACCEPT rule in the INPUT chain would still match first; add one ACCEPT line per trusted address before the DROP:

iptables -A INPUT -p tcp --dport [DOMOS_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [DOMOS_PORT] -j DROP

Input Validation Proxy

Platform: all

Deploy a WAF or reverse proxy in front of the web interface that rejects requests whose zone parameter contains anything other than a valid timezone name (in particular shell metacharacters)

🧯 If You Can't Patch

  • Immediately restrict network access to DOMOS interface using firewall rules
  • Monitor for unusual process execution and network connections from DOMOS server

🔍 How to Verify

Check if Vulnerable:

Check DOMOS version via web interface admin panel or system logs for version 5.8 or earlier

Check Version:

grep -i domos /var/log/syslog*

If the logs do not record the version, check the web interface admin panel.

Verify Fix Applied:

Verify version shows 5.9 or later in admin interface and test zone field input validation

📡 Detection & Monitoring

Log Indicators:

  • Unusual commands in system logs from DOMOS processes
  • Multiple failed login attempts to DOMOS interface
  • Suspicious process execution with root privileges

Network Indicators:

  • Unexpected outbound connections from DOMOS server
  • Traffic to known malicious IPs from DOMOS host

SIEM Query (pseudo-syntax; adapt the field names to your platform):

source="DOMOS" AND (process="sh" OR process="bash" OR process="python") AND user="root"
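The Input Validation Proxy workaround above says to filter the zone parameter, and the log indicators above say what to look for after the fact; the following added example (not vendor code, not from this page) does both: an allowlist check for an IANA-style zone name, and a pass over constructed access-log lines that flags any request whose zone value fails it. It assumes the datetime form sends the timezone as a parameter literally named zone in IANA form (e.g. Europe/Berlin); adapt the name and pattern to the real form.

```python
"""Allowlist validation and log review for the DOMOS 'zone' parameter.

Added example, not vendor code. Assumes (hypothetically) that the
datetime form submits the timezone as a parameter named 'zone' holding
an IANA zone name such as 'Europe/Berlin'.
"""
import re
from urllib.parse import parse_qs, urlsplit

# IANA-style zone names: segments of letters, digits, '_', '+', '-',
# joined by '/', at most three levels deep (e.g. America/Argentina/Salta).
# Everything else, including any shell metacharacter, fails the match.
ZONE_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_+\-]*(?:/[A-Za-z0-9_+\-]+){0,2}$")
MAX_LEN = 64


def zone_is_safe(value: str) -> bool:
    """Allowlist check: True only for a plausible IANA zone name."""
    return 0 < len(value) <= MAX_LEN and ZONE_RE.fullmatch(value) is not None


def flag_requests(log_lines):
    """Return (line_no, decoded zone) for requests whose zone fails the check.

    Input is CLF-style access-log text with the request target in the quoted
    field. parse_qs percent-decodes values, so encoded metacharacters are
    caught too; note it also maps a raw '+' to a space, so a form that sends
    'Etc/GMT+3' unencoded would be flagged (the regex allows '+' because a
    correctly encoded form sends %2B).
    """
    flagged = []
    for n, line in enumerate(log_lines, 1):
        m = re.search(r'"(?:GET|POST) (\S+)', line)
        if not m:
            continue
        params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
        for zone in params.get("zone", []):
            if not zone_is_safe(zone):
                flagged.append((n, zone))
    return flagged


# Constructed sample log: two benign requests, two with metacharacters.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jul/2020:10:00:00 +0200] "POST /admin/datetime?zone=Europe/Berlin HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jul/2020:10:00:05 +0200] "GET /admin/datetime?zone=America/Argentina/Salta HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jul/2020:10:01:00 +0200] "POST /admin/datetime?zone=UTC%3Bid HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jul/2020:10:01:02 +0200] "POST /admin/datetime?zone=UTC%20%7C%20id HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for line_no, zone in flag_requests(SAMPLE_LOG):
        print(f"line {line_no}: rejected zone value {zone!r}")
```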

🔗 References
