CVE-2020-19360

CVSS v3 base score: 7.5 (HIGH)

📋 TL;DR

CVE-2020-19360 is a local file inclusion vulnerability in FHEM 6.0: the `file` parameter of the `fhem/FileLog_logWrapper` endpoint is used to build a filesystem path without being confined to the log directory, so an unauthenticated attacker can use path traversal to read arbitrary files the FHEM process can open. This exposes fhem.cfg (including any credentials stored in it), FHEM logs, and system files readable by the fhem user. Users running FHEM 6.0 with a reachable FHEMWEB instance are affected.

💻 Affected Systems

Products:
  • FHEM
Versions: 6.0 (installations kept current with FHEM's `update` command may already carry the fix regardless of the version string; see How to Verify)
Operating Systems: All platforms running FHEM
Default Config Vulnerable: ⚠️ Yes (the default fhem.cfg defines a FHEMWEB instance on port 8083 and a FileLog device, with no authentication)
Notes: Affects every installation with a FHEMWEB instance reachable by the attacker. The vulnerable handler is FileLog_logWrapper, provided by the FileLog module (FHEM/92_FileLog.pm) and exposed through FHEMWEB.

📦 What is this software?

FHEM is an open-source (GPL) home-automation server written in Perl. It runs as a long-lived daemon, normally under a dedicated `fhem` user, and provides its user interface through FHEMWEB, the built-in web front end (default port 8083). The FileLog module writes device events to log files, and FileLog_logWrapper is the FHEMWEB handler that renders those log files in the browser; the `file` parameter names the log file to display.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Disclosure of everything readable by the fhem process: /etc/passwd for account enumeration, SSH private keys in the fhem user's home, credentials and API tokens stored in fhem.cfg, and any other secrets the FHEM host keeps. Reused credentials then enable privilege escalation or lateral movement to other systems; if FHEM was started as root, the entire filesystem is exposed.

🟠

Likely Case

Sensitive information disclosure limited to files readable by the user the fhem process runs as (typically `fhem`): FHEM configuration, logs, and world-readable system files.

🟢

If Mitigated

Limited impact if FHEM runs as an unprivileged user, file permissions keep secrets out of that user's reach, FHEMWEB requires authentication, and network segmentation keeps the interface off untrusted networks.

🌐 Internet-Facing: HIGH - A FHEMWEB instance reachable from the Internet without basicAuth can be exploited remotely with a single unauthenticated request.
🏢 Internal Only: MEDIUM - Requires network access to the FHEMWEB port, but any internal attacker or compromised internal host (including IoT devices on the same segment) can exploit it.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept code is publicly available on GitHub. Exploitation is a single crafted GET request to the vulnerable endpoint; no credentials are needed unless the FHEMWEB instance is protected with basicAuth.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FHEM 6.1 and later (the fix is also delivered to existing installations through FHEM's `update` command)

Vendor Advisory: https://forum.fhem.de/index.php/topic,115309.0.html

Restart Required: Yes

Instructions:

1. Back up the current FHEM configuration (fhem.cfg and the log directory).
2. Update FHEM: run `update` in the FHEM command line, which pulls the current module set including the fixed FileLog module, or install the 6.1 or later release package.
3. Restart FHEM: `shutdown restart` in the FHEM command line, or `sudo systemctl restart fhem`.
4. Verify the update: run `version` and confirm fhem.pl and 92_FileLog.pm show post-fix revisions (see How to Verify).

🔧 Temporary Workarounds

Disable web interface

all

Temporarily disable the FHEM web interface to prevent exploitation. This removes the web UI entirely; administration then has to go through a telnet instance (default port 7072) if one is defined. Where the UI must stay up, requiring authentication on every FHEMWEB instance is the less disruptive interim measure (see If You Can't Patch).

# In fhem.cfg, comment out every FHEMWEB definition, e.g.:
#   define WEB FHEMWEB 8083 global
# then restart FHEM: sudo systemctl restart fhem

Restrict network access

linux

Configure firewall rules so only trusted hosts reach the FHEMWEB port. Repeat for every FHEMWEB instance defined in fhem.cfg (commonly 8083, 8084 and 8085), keep the ACCEPT rule ahead of the DROP rule, and persist the rules (e.g. with netfilter-persistent) so they survive a reboot.

TRUSTED_IP=203.0.113.10   # replace with your management host or network, e.g. 192.168.1.0/24
sudo iptables -A INPUT -p tcp --dport 8083 -s "$TRUSTED_IP" -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 8083 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to the FHEMWEB port(s)
  • Require authentication on every FHEMWEB instance (an `allowed` device with `basicAuth` and `validFor` covering each instance). This closes the unauthenticated path only; an authenticated user can still read files until the module is updated
  • Run FHEM as an unprivileged user, never as root, and tighten permissions on fhem.cfg, the log directory and any key material so the fhem user can read only what it needs
  • Monitor FHEMWEB and reverse-proxy logs for FileLog_logWrapper requests with traversal sequences (see Detection & Monitoring)

🔍 How to Verify

Check if Vulnerable:

FHEM is distributed as a rolling set of modules, so the version string alone does not prove the fix is present or absent. Run the `version` command in the FHEMWEB command field (or against a defined telnet instance as shown below) and compare the revision and date of fhem.pl and of 92_FileLog.pm, the module that provides FileLog_logWrapper, against the fix announced in the vendor forum thread above. A stock 6.0 install that has never run `update` is vulnerable.

Check Version:

perl /opt/fhem/fhem.pl 7072 version    # fhem.pl in client mode against the local telnet instance, if one is defined on 7072

Verify Fix Applied:

Confirm `version` shows fhem.pl and 92_FileLog.pm at or beyond the fixed revision. Then, from a host you control and preferably against a non-production instance, request the FileLog_logWrapper endpoint with a `file` value containing `../` and confirm the response is an error or an empty page rather than file contents.

📡 Detection & Monitoring

Log Indicators:

  • FHEMWEB only logs request lines at verbose level 4 or higher (attr WEB verbose 4); if FHEM sits behind a reverse proxy, the proxy access log is the more reliable source
  • Requests to fhem/FileLog_logWrapper whose file parameter contains traversal sequences (../, ..\, or percent-encoded forms such as ..%2F and %2e%2e), an absolute path, or a name that is not one of the FileLog device's log files
  • Bursts of FileLog_logWrapper requests from one client with varying file values, consistent with enumeration of /etc/passwd, SSH keys or fhem.cfg

Network Indicators:

  • HTTP GET requests to /fhem/FileLog_logWrapper from networks that otherwise never use the FHEM UI
  • Responses from that endpoint whose body matches system-file patterns (e.g. root:x:0:0 from /etc/passwd) or whose size differs sharply from normal log views

SIEM Query:

(source="fhem.log" OR sourcetype=access_combined) AND "FileLog_logWrapper" AND ("../" OR "..\\" OR "..%2F" OR "..%2f" OR "%2e%2e" OR "%252e")

Matching on "file=" alone is noise: every legitimate log view carries that parameter. URL-decode the request before matching where the SIEM supports it, since a fixed list of literals will not cover every encoding.
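The script below is an added example for this page, not code from FHEM or from the original advisory. It runs the detection logic described above over constructed log lines: it extracts the request target from each line, URL-decodes the `file` parameter repeatedly so double-encoded payloads normalise, and flags `..` path segments, absolute paths and embedded NULs. The sample lines are constructed (a combined access log and one line in a different layout); the `dev` and `type` query parameters appearing in them are assumed companions of `file` and are not needed by the detector.

```python
"""Detect path-traversal attempts against FHEM's FileLog_logWrapper endpoint.

Added example for CVE-2020-19360 monitoring; not part of FHEM or of the
advisory it accompanies. Works on any log line that contains the request
target, e.g. a reverse-proxy access log or a FHEMWEB verbose-4 log.
"""
import re
from typing import Iterable, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# The vulnerable endpoint and its query string, wherever they sit in the line.
_TARGET_RE = re.compile(r"(/fhem/FileLog_logWrapper\?\S*)")


def decode_param(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable so %252e%252e (double-encoded '..') normalises.

    Backslashes are folded to '/' so '..\\..\\' is treated like '../../'.
    """
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def is_traversal(file_param: str) -> bool:
    """True if the decoded file parameter tries to leave the log directory.

    A legitimate value is a bare log file name such as fhem-2020-10.log.
    We flag a '..' path segment, an absolute path, or an embedded NUL
    (which some file-opening code truncates at, defeating suffix checks).
    """
    path = decode_param(file_param)
    if "\x00" in path or path.startswith("/"):
        return True
    return any(segment == ".." for segment in path.split("/"))


def scan_line(line: str) -> Optional[dict]:
    """Return a finding for one log line, or None if it is benign or unrelated."""
    match = _TARGET_RE.search(line)
    if not match:
        return None
    query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    for raw in query.get("file", []):          # parse_qs already decoded once
        if is_traversal(raw):
            return {"endpoint": "FileLog_logWrapper",
                    "file": decode_param(raw), "raw": raw}
    return None


def scan(lines: Iterable[str]) -> List[dict]:
    """Run scan_line over a log and return only the findings."""
    return [f for f in (scan_line(line) for line in lines) if f]


# Constructed sample log: one benign log view, three traversal attempts, one unrelated request.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Oct/2020:10:12:01 +0200] "GET /fhem/FileLog_logWrapper'
    '?dev=Logfile&type=text&file=fhem-2020-10.log HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Oct/2020:10:12:05 +0200] "GET /fhem/FileLog_logWrapper'
    '?dev=Logfile&type=text&file=../../../../etc/passwd HTTP/1.1" 200 1829',
    '198.51.100.9 - - [01/Oct/2020:10:12:06 +0200] "GET /fhem/FileLog_logWrapper'
    '?dev=Logfile&type=text&file=..%2F..%2Ffhem.cfg HTTP/1.1" 200 40111',
    # Different layout (constructed), double-encoded payload: the regex does not
    # depend on the combined-log format, only on the request target being present.
    "2020.10.01 10:12:07 request /fhem/FileLog_logWrapper"
    "?dev=Logfile&type=text&file=%252e%252e%252f%252e%252e%252fetc%252fshadow from 198.51.100.9",
    '203.0.113.7 - - [01/Oct/2020:10:12:09 +0200] "GET /fhem?cmd=list HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"ALERT {finding['endpoint']} traversal: file={finding['file']!r} "
              f"(raw={finding['raw']!r})")
```

Feed real lines to `scan()` by reading the proxy access log or the FHEM log; legitimate traffic yields no findings because a valid `file` value is a bare log file name. Extend `is_traversal` with an allow-list of the FileLog device's actual file names if you want to catch attempts that use no traversal sequence at all.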
