Vulnerabilites related to iXsystems - FreeNAS
CVE-2010-20059 (GCVE-0-2010-20059)
Vulnerability from cvelistv5
Published
2025-08-20 15:35
Modified
2025-08-22 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2010-20059",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T16:26:49.670648Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T16:27:00.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/freenas_exec_raw.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/16313"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"exec_raw.php"
],
"product": "FreeNAS",
"repo": "https://github.com/freenas",
"vendor": "iXsystems",
"versions": [
{
"lessThan": "0.7.2 rev 5543",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "MC"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command\u2010execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation."
}
],
"value": "FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command\u2010execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:35:08.532Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/16313"
},
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/freenas_exec_raw.rb"
},
{
"tags": [
"product"
],
"url": "https://sourceforge.net/projects/freenas/"
},
{
"tags": [
"product"
],
"url": "https://github.com/freenas"
},
{
"tags": [
"product"
],
"url": "https://www.truenas.com/freenas/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.tenable.com/plugins/nnm/5714"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://web.archive.org/web/20101218143110/http://sourceforge.net/projects/freenas/files//stable/0.7.2/NOTES%200.7.2.5543.txt/view"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/freenas-arbitrary-command-execution"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "FreeNAS \u003c 0.7.2 rev 5543 exec_raw.php Arbitrary Command Execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2010-20059",
"datePublished": "2025-08-20T15:35:08.532Z",
"dateReserved": "2025-08-19T16:00:37.422Z",
"dateUpdated": "2025-08-22T16:27:00.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11650 (GCVE-0-2020-11650)
Vulnerability from cvelistv5
Published
2020-04-08 22:12
Modified
2024-08-04 11:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of service. The login authentication component has no limits on the length of an authentication message or the rate at which such messages are sent.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jira.ixsystems.com/browse/NAS-104748 | x_refsource_MISC | |
| https://security.ixsystems.com/cves/2020-04-08-cve-2020-11650/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.ixsystems.com/browse/NAS-104748"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.ixsystems.com/cves/2020-04-08-cve-2020-11650/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of service. The login authentication component has no limits on the length of an authentication message or the rate at which such messages are sent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-10T11:25:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.ixsystems.com/browse/NAS-104748"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.ixsystems.com/cves/2020-04-08-cve-2020-11650/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of service. The login authentication component has no limits on the length of an authentication message or the rate at which such messages are sent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.ixsystems.com/browse/NAS-104748",
"refsource": "MISC",
"url": "https://jira.ixsystems.com/browse/NAS-104748"
},
{
"name": "https://security.ixsystems.com/cves/2020-04-08-cve-2020-11650/",
"refsource": "CONFIRM",
"url": "https://security.ixsystems.com/cves/2020-04-08-cve-2020-11650/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11650",
"datePublished": "2020-04-08T22:12:46",
"dateReserved": "2020-04-08T00:00:00",
"dateUpdated": "2024-08-04T11:35:13.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-04-08 23:15
Modified
2024-11-21 04:58
Severity ?
Summary
An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of service. The login authentication component has no limits on the length of an authentication message or the rate at which such messages are sent.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://jira.ixsystems.com/browse/NAS-104748 | Patch, Third Party Advisory | |
| cve@mitre.org | https://security.ixsystems.com/cves/2020-04-08-cve-2020-11650/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jira.ixsystems.com/browse/NAS-104748 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.ixsystems.com/cves/2020-04-08-cve-2020-11650/ | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:-:*:*:*:*:*:*",
"matchCriteriaId": "ED051E83-272F-4288-BAEA-3539830AE9EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u1:*:*:*:*:*:*",
"matchCriteriaId": "4093D4BE-7463-469B-8D4D-28937D560950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u2:*:*:*:*:*:*",
"matchCriteriaId": "C32BF3CA-FDBA-4C19-97B5-5EC8979F36C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u2.1:*:*:*:*:*:*",
"matchCriteriaId": "71FCC2F1-7A47-4B55-A638-13575BE7DD11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u3:*:*:*:*:*:*",
"matchCriteriaId": "714F1F8A-6AA4-4668-9B45-488702C2A232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u4:*:*:*:*:*:*",
"matchCriteriaId": "4E52DE4F-CF8E-47B1-92D0-4A534327EB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u4.1:*:*:*:*:*:*",
"matchCriteriaId": "33ECEDAF-D350-4326-B7A8-97B788C27760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u5:*:*:*:*:*:*",
"matchCriteriaId": "66F6E9C5-25F9-4BC6-B997-A6653B8B0531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u5.1:*:*:*:*:*:*",
"matchCriteriaId": "82FF4DCD-C7B9-41A3-9745-2D5967EDE204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u6:*:*:*:*:*:*",
"matchCriteriaId": "D02CE65B-FED1-410B-93C3-02379395C435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u6.1:*:*:*:*:*:*",
"matchCriteriaId": "983FAD77-AB04-4611-BB19-0612BB660B5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u7:*:*:*:*:*:*",
"matchCriteriaId": "0CD66D14-5C63-4F15-99F3-681CFB611CFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.3:-:*:*:*:*:*:*",
"matchCriteriaId": "9D19A988-63A6-4B2E-BBF8-468BCAD74729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.3:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "3048BC44-5492-447C-9F5D-0F4C11E16817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.3:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "8E7BDE00-A5B1-4455-B4B2-D6CC1E3DA109",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.3:beta1:*:*:*:*:*:*",
"matchCriteriaId": "996D15FA-102D-4BED-968A-0D5A4AD5E8C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FF51D75F-564D-4635-B33B-D513CEE86A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "46ED3ECF-1E06-44A3-8D13-CE039DEB8CB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ixsystems:freenas:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05FB1FAA-EA18-48FA-A4B6-020ED566BEAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:-:*:*:*:*:*:*",
"matchCriteriaId": "DE129DED-3451-4924-8F34-DAC4F2726BC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u1:*:*:*:*:*:*",
"matchCriteriaId": "D8FA7C1F-5FC2-4DA5-A91A-4FCEE1BFAEFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u2:*:*:*:*:*:*",
"matchCriteriaId": "5AC0483A-622A-4DBE-90CD-75F927F6EC5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u2.1:*:*:*:*:*:*",
"matchCriteriaId": "79F33726-7EA6-4ADD-B5A7-397681C1AD03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u3:*:*:*:*:*:*",
"matchCriteriaId": "75CC17F0-0764-4A36-B0D0-17F1E3A19318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u4:*:*:*:*:*:*",
"matchCriteriaId": "12EEBFDB-CB0A-436F-8950-49A622387608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u4.1:*:*:*:*:*:*",
"matchCriteriaId": "4A4A9067-9002-4A06-983A-AAD8DFB01490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u5:*:*:*:*:*:*",
"matchCriteriaId": "11B4D8DD-AA82-4D8F-BDE2-159EA8114742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u5.1:*:*:*:*:*:*",
"matchCriteriaId": "1B716751-29CF-4664-A67B-EAB41BFAFB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u6:*:*:*:*:*:*",
"matchCriteriaId": "5BB7C4C6-23A0-461E-92C7-3798AF1C0454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u6.1:*:*:*:*:*:*",
"matchCriteriaId": "5105D7F3-EEB3-4707-8601-6E1A132C0E35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u7:*:*:*:*:*:*",
"matchCriteriaId": "93A93CEC-C21C-4C37-80C7-A6EC4E972180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.3:-:*:*:*:*:*:*",
"matchCriteriaId": "7A8DD2E6-2DBF-4B92-B395-E653C53747BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.3:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "8FCF9207-7C8E-4666-8536-07FAF4CF881F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.3:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "27F629B8-0A49-4C63-8ECD-B29D708F46D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.3:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1FC5FF3C-73F6-4F08-B120-607D1D93EAFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "61683EF1-CCD8-49A9-814F-F5A730CFD690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "57FF99C0-5B61-4C64-A9A9-DB925DDFF4E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ixsystems:truenas:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E69929DE-FB22-446F-9AF4-4AD29130E82B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of service. The login authentication component has no limits on the length of an authentication message or the rate at which such messages are sent."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en iXsystems FreeNAS versiones 11.2 y versiones 11.3 anteriores a 11.3-U1. Permite una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2020-11650",
"lastModified": "2024-11-21T04:58:19.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-08T23:15:12.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://jira.ixsystems.com/browse/NAS-104748"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security.ixsystems.com/cves/2020-04-08-cve-2020-11650/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://jira.ixsystems.com/browse/NAS-104748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.ixsystems.com/cves/2020-04-08-cve-2020-11650/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-307"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}