CVE-2020-5847

9.8 CRITICAL

📋 TL;DR

CVE-2020-5847 is an unauthenticated remote code execution vulnerability in Unraid that allows attackers to bypass authentication and execute arbitrary commands as root. This affects Unraid servers through version 6.8.0. Any Unraid system exposed to untrusted networks is at critical risk.

💻 Affected Systems

Products:
  • Unraid
Versions: Through 6.8.0
Operating Systems: Linux-based Unraid OS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with root-level access, allowing attackers to install malware, exfiltrate data, pivot to other systems, or destroy the system.

🟠

Likely Case

Unauthenticated attackers gain root shell access to execute arbitrary commands, potentially leading to data theft, ransomware deployment, or persistent backdoors.

🟢

If Mitigated

If properly segmented and patched, impact is limited to isolated systems with minimal data exposure.

🌐 Internet-Facing: HIGH - Unauthenticated RCE allows attackers to fully compromise exposed systems without any credentials.
🏢 Internal Only: MEDIUM - Still critical if internal attackers exist, but network segmentation reduces attack surface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code available on Packet Storm and other sources. Exploitation requires no authentication and minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.8.1 and later

Vendor Advisory: https://forums.unraid.net/forum/7-announcements/

Restart Required: Yes

Instructions:

1. Log into Unraid web interface.
2. Navigate to Tools > Update OS.
3. Install Unraid 6.8.1 or later.
4. Reboot the system to apply changes.

🔧 Temporary Workarounds

Network Isolation

linux

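Block access to the Unraid management interface using firewall rules. As written, these rules drop every inbound connection to ports 80 and 443, including connections from the local network, and because -A appends to the end of the INPUT chain, any earlier ACCEPT rule for these ports still takes precedence.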

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

Access Restriction

linux

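Restrict Unraid web interface to trusted IP addresses only. Replace TRUSTED_IP with the address or CIDR range of the management host. Both ports 80 and 443 are covered so that HTTPS is not left open to other sources.

iptables -A INPUT -p tcp --dport 80 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP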

🧯 If You Can't Patch

  • Immediately isolate Unraid system from internet and untrusted networks
  • Implement strict network segmentation and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check Unraid version via web interface Dashboard or run 'cat /etc/unraid-version' on command line

Check Version:

cat /etc/unraid-version

Verify Fix Applied:

Verify version is 6.8.1 or later and test authentication bypass is no longer possible
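
A scripted form of the version check above, as an added example (not Unraid's or this page's own code). It assumes /etc/unraid-version contains a line such as version="6.8.0"; the function names are illustrative, and the comparison is numeric so that releases like 6.10.x are not mistaken for older than 6.8.1.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes /etc/unraid-version holds a line
# like version="6.8.0" (assumed format); a bare version string also parses.
FIXED="6.8.1"   # first fixed release according to this page

# Pull the version string out of the file contents given as $1.
parse_version() {
    printf '%s\n' "$1" | tr -d '"\r ' |
        sed -n 's/^version=//; /^[0-9][0-9.]*/{p;q;}'
}

# Compare two dotted versions numerically; prints -1, 0 or 1.
# A string comparison would wrongly sort 6.10.0 before 6.8.1.
cmp_version() {
    a="$1.0.0"; b="$2.0.0"      # pad so fields 1-3 always exist
    for i in 1 2 3; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        if [ "$x" -lt "$y" ]; then echo "-1"; return 0; fi
        if [ "$x" -gt "$y" ]; then echo "1"; return 0; fi
    done
    echo "0"
}

# Prints vulnerable | patched | review | unknown for the file contents in $1.
classify() {
    ver=$(parse_version "$1")
    base=${ver%%[-+]*}          # 6.8.1-rc1 -> 6.8.1
    case $base in
        ''|*[!0-9.]*|.*|*..*|*.) echo unknown; return 0 ;;
    esac
    case $(cmp_version "$base" "$FIXED") in
        -1) echo vulnerable ;;
        1)  echo patched ;;
        # Pre-release of the fixed version: the page does not say whether
        # such builds carry the fix, so flag them for manual review.
        0)  if [ "$base" = "$ver" ]; then echo patched; else echo review; fi ;;
    esac
}

# On an Unraid host, classify the local version file.
if [ -r /etc/unraid-version ]; then
    echo "unraid-version: $(classify "$(cat /etc/unraid-version)")"
fi
```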

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access to web interface endpoints
  • Suspicious command execution in system logs
  • Unexpected process creation as root

Network Indicators:

  • Unusual outbound connections from Unraid system
  • Exploit traffic patterns to management ports

SIEM Query:

source="unraid.log" AND ("authentication bypass" OR "unauthorized access" OR suspicious_command="*")
