CVE-2020-7361

9.6 CRITICAL

📋 TL;DR

This CVE describes an OS command injection vulnerability in the '/pro/repo-create.html' component of EasyCorp ZenTao Pro. An attacker who has authenticated to the ZenTao dashboard can submit a crafted 'path' parameter and have arbitrary OS commands executed in the SYSTEM context on Windows installations. Because the commands already run as SYSTEM, a single valid user account on an affected instance is enough for complete takeover of the host.

💻 Affected Systems

Products:
  • EasyCorp ZenTao Pro
Versions: Not enumerated in the CVE description. Treat any ZenTao Pro build on Windows that serves the vulnerable '/pro/repo-create.html' component as affected until the vendor confirms a fixed release.
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authentication to ZenTao dashboard, but authenticated users can exploit. SYSTEM context execution on Windows makes this particularly dangerous.

📦 What is this software?

ZenTao is a web-based project management / ALM suite written in PHP and developed by EasyCorp; ZenTao Pro is its commercial edition. The repo-create handler registers a source-code repository for a project, and its 'path' field is the injection point described by this CVE.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with SYSTEM privileges, enabling data theft, ransomware deployment, lateral movement, and persistent backdoor installation across the network.

🟠

Likely Case

Initial foothold that already runs as SYSTEM (no privilege escalation step needed), followed by data exfiltration and potential ransomware deployment on the compromised host.

🟢

If Mitigated

Limited impact due to network segmentation, strong authentication controls, and proper monitoring detecting exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Metasploit module available (referenced in CVE), making exploitation trivial for attackers with valid credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check ZenTao Pro vendor updates for specific version

Vendor Advisory: Not specified in provided references

Restart Required: Yes

Instructions:

1. Check the EasyCorp website for security updates.
2. Apply the latest ZenTao Pro patch.
3. Restart the ZenTao service.
4. Verify the fix by re-running the exploitation check described under How to Verify.

🔧 Temporary Workarounds

Input Validation Filter

all

Reject the 'path' parameter when it contains characters that cmd.exe or a POSIX shell treats as operators, and prefer an allowlist of what a repository path may contain over a denylist of what it may not

Server-side check: if re.search(r'[;&|`$()]', path_param): return error. Caveat: this denylist omits redirection (<, >), the cmd.exe escape character (^) and control characters such as CR/LF, and it does nothing against path traversal. An allowlist (drive letter, separators, a fixed filename character set) is the safer stopgap, and the correct in-application fix is to pass the value through escapeshellarg() or to avoid invoking a shell with user-controlled input at all.

Network Segmentation

all

Isolate ZenTao Pro servers from critical systems and internet

Configure firewall rules to restrict ZenTao server network access
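As an added illustration (not ZenTao's code and not the vendor's fix), the following Python contrasts the denylist given in the workaround above with an allowlist for the 'path' value, run on constructed inputs. It assumes repository paths are absolute Windows paths with a drive letter, which matches the Windows-only nature of this flaw but would need adapting for UNC or relative paths.

```python
import re

# Denylist as given in the workaround above. Shell separators only; it does not
# cover redirection, the cmd.exe escape character, control characters or traversal.
DENYLIST = re.compile(r'[;&|`$()]')


def denylist_rejects(path: str) -> bool:
    """True when the denylist from the workaround would block this value."""
    return DENYLIST.search(path) is not None


# Allowlist (assumption: repository paths are absolute Windows paths such as
# C:\repos\project): drive letter, backslash separators and a conservative
# filename character set. Everything else, including newlines, is rejected.
ALLOWED_WINDOWS_PATH = re.compile(r'^[A-Za-z]:\\(?:[A-Za-z0-9_.\- ]+\\?)+$')


def allowlist_accepts(path: str) -> bool:
    """True only when the value is a plain absolute Windows path with no traversal."""
    if ALLOWED_WINDOWS_PATH.fullmatch(path) is None:
        return False
    # The character set admits '.', so reject dot-only segments such as '..'.
    segments = [s for s in path.split("\\")[1:] if s]
    return not any(seg.strip(".") == "" for seg in segments)


def classify(path: str) -> dict:
    """Report both verdicts so the gap between the two approaches is visible."""
    return {"denylist_rejects": denylist_rejects(path),
            "allowlist_accepts": allowlist_accepts(path)}


if __name__ == "__main__":
    # Constructed inputs, not captured traffic.
    for sample in [
        "C:\\repos\\project",                    # legitimate
        "C:\\repos\\project & whoami",           # classic cmd.exe chaining
        "C:\\repos\\project > C:\\out.txt",      # redirection: slips past the denylist
        "C:\\repos\\..\\Windows\\Temp",          # traversal: slips past the denylist
        "C:\\repos\\project\ncalc.exe",          # embedded newline: slips past the denylist
    ]:
        print(repr(sample), classify(sample))
```

The three inputs that the denylist lets through are the reason to treat it as a stopgap only: a filter written from the operators an exploit happens to use will be bypassed by the next exploit. The allowlist fails closed on anything it has not explicitly admitted, at the cost of rejecting unusual but legitimate paths, which is the right trade-off for an emergency control in front of a SYSTEM-context command.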

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate ZenTao servers
  • Enforce strong authentication and limit user access to only necessary personnel

🔍 How to Verify

Check if Vulnerable:

Test by attempting command injection via authenticated POST request to '/pro/repo-create.html' with malicious 'path' parameter

Check Version:

Check ZenTao Pro version in admin dashboard or configuration files

Verify Fix Applied:

Attempt the same request after patching: the server should reject the request or treat the 'path' value as a literal string, and no command should execute (confirm on the host that no child process was spawned by the web server process).

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in Windows event logs
  • ZenTao logs showing shell metacharacters in 'path' parameter
  • Multiple failed authentication attempts followed by repo-create access

Network Indicators:

  • POST requests to '/pro/repo-create.html' containing shell metacharacters in parameters
  • Outbound connections from ZenTao server to unusual destinations

SIEM Query:

source="zentaopro" AND uri_path="/pro/repo-create.html" AND (param="path" AND value MATCHES "[;&|`$()]")

Match on the URL-decoded value of 'path'. In a raw form body '&' is the field separator and an attacker's '&' arrives as %26, so a regex over the undecoded request line or body either misses the injection or fires on every request.
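The query above needs the decoded 'path' value, which most log pipelines do not provide directly. The following Python, an added example rather than anything from ZenTao or this page, shows that decoding step run over constructed log lines. The line format is an assumption: `<client-ip> <method> <uri> <status> body=<url-encoded form body>`, the kind of record a reverse proxy or WAF configured to log POST bodies would produce; ZenTao's own logs are not assumed to contain request bodies. The metacharacter set extends the page's regex with redirection, the cmd.exe escape character and CR/LF.

```python
import re
from urllib.parse import parse_qs

TARGET_PATH = "/pro/repo-create.html"

# cmd.exe operators plus control characters; the page's own set (; & | ` $ ( ))
# is kept so the rule also covers a POSIX shell.
SHELL_META = re.compile(r'[;&|`$()<>^\r\n]')

# Constructed sample records (assumed proxy/WAF format, not real ZenTao logs).
SAMPLE_LOG = [
    "10.0.0.5 POST /pro/repo-create.html 200 body=name=proj&path=C%3A%5Crepos%5Cproj&type=svn",
    "10.0.0.9 POST /pro/repo-create.html 200 body=name=x&path=C%3A%5Crepos%5Cx+%26+whoami+%3E+C%3A%5Cout.txt&type=git",
    "10.0.0.9 POST /pro/repo-create.html 200 body=name=y&path=C%3A%5Crepos%5Cy%0Acalc.exe&type=git",
    "10.0.0.7 GET /pro/repo-create.html 200 body=",
    "10.0.0.7 POST /pro/repo-browse.html 200 body=path=a%26b",
]


def parse_line(line: str):
    """Split one record into its fields; returns None for malformed lines."""
    parts = line.rstrip("\n").split(" ", 4)
    if len(parts) != 5 or not parts[4].startswith("body="):
        return None
    ip, method, uri, status, body = parts
    return {"ip": ip, "method": method, "uri": uri,
            "status": status, "body": body[len("body="):]}


def find_injection_attempts(lines):
    """Return (client_ip, decoded_path) for every POST to the repo-create
    endpoint whose 'path' field contains a shell metacharacter."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if rec["uri"].split("?", 1)[0] != TARGET_PATH:
            continue
        # parse_qs splits on the real field separators first and then
        # percent-decodes each value, so %26 becomes '&' and %0A becomes '\n'.
        fields = parse_qs(rec["body"], keep_blank_values=True)
        for value in fields.get("path", []):
            if SHELL_META.search(value):
                hits.append((rec["ip"], value))
    return hits


if __name__ == "__main__":
    for ip, path in find_injection_attempts(SAMPLE_LOG):
        print(f"possible CVE-2020-7361 attempt from {ip}: path={path!r}")
```

Two of the five constructed records are flagged, both from 10.0.0.9: the classic '&' chain with output redirection and the newline-separated variant, which the page's original character class would not have caught. The benign request on the same endpoint and the request to a different endpoint produce no alert, and nothing fires on the '&' characters that separate form fields in the raw body.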

🔗 References
