CVE-2020-13167 — AI Deep Analysis Summary

🚨 **Essence**: Netsweeper Web Admin has a Remote Code Execution (RCE) flaw. 📉 **Consequences**: Attackers can take full control of the server. 💥 **Impact**: Complete system compromise via the `unixlogin.php` script.

🛡️ **CWE**: Command Injection (implied by shell metacharacters). 🔍 **Flaw**: The `/webadmin/tools/unixlogin.php` script fails to sanitize input.…

🏢 **Vendor**: Netsweeper (Canada). 📦 **Product**: Web Content Filtering Solution. 📅 **Affected**: Version **6.4.3 and earlier**. 🚫 **Safe**: Versions > 6.4.3.

👑 **Privileges**: Unauthenticated Remote Code Execution. 💾 **Data**: Full access to underlying OS commands. 🕵️ **Action**: Hackers run arbitrary shell commands without logging in.

📉 **Threshold**: **LOW**. 🔓 **Auth**: **Unauthenticated**. No login required. ⚙️ **Config**: Exploitable via HTTP `Referer` header manipulation. Easy to trigger.

🔓 **Public Exp**: **YES**. 📜 **PoC**: Available via ProjectDiscovery Nuclei templates. 🌍 **Wild Exp**: High risk due to easy automation and lack of auth barrier.

🔍 **Check**: Scan for `/webadmin/tools/unixlogin.php`. 📡 **Signal**: Look for command execution responses. 🧪 **Tool**: Use Nuclei with the specific CVE-2020-13167 template. 🚩 **Flag**: Successful RCE payload return.

🛡️ **Fix**: Upgrade to **Netsweeper > 6.4.3**. 📥 **Patch**: Official vendor update resolves the injection flaw. ✅ **Status**: Patch available since May 2020.

🚧 **Workaround**: Block external access to `/webadmin/` via Firewall/WAF. 🚫 **Restrict**: Deny traffic to `unixlogin.php` endpoint. 🛑 **Mitigate**: If patching isn't possible, isolate the admin interface.

🔥 **Priority**: **CRITICAL**. 🚨 **Urgency**: High. ⚡ **Reason**: Unauthenticated RCE is a top-tier threat. 🏃 **Action**: Patch immediately or block access to prevent total server takeover.