CVE-2020-5849
Published: 16 March 2020
Summary
CVE-2020-5849 is a high-severity Incorrect Comparison (CWE-697) vulnerability in Unraid. Its CVSS 3.1 base score is 7.5 (High).
CISA added it to the Known Exploited Vulnerabilities catalog on 03 November 2021, it ranks in the top 0.1% of CVEs by exploit likelihood, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).
Deeper analysis
Unraid 6.8.0 contains an authentication bypass vulnerability tracked as CVE-2020-5849 and classified as CWE-697 (Incorrect Comparison). It received a CVSS 3.1 base score of 7.5: network attack vector (AV:N), low attack complexity (AC:L), no privileges or user interaction required (PR:N/UI:N), high confidentiality impact with no integrity or availability impact (C:H/I:N/A:N).
An unauthenticated attacker who can reach the Unraid web management interface over the network can bypass its authentication check and read resources or data that would otherwise require valid credentials.
Public references, including a Packet Storm disclosure and a detailed Sysdream analysis, chain the bypass with a separate code-execution flaw in the same release to reach unauthenticated remote code execution as root; the 7.5 score covers the bypass on its own, not that chained outcome. The vendor's announcement forum is the primary channel for updates. Beyond the CISA KEV listing itself, which requires evidence of active exploitation, the source data supplies no details of in-the-wild exploitation.
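CWE-697 in an authentication gate usually means the gate compares the wrong thing, such as testing a raw request string for a public-path marker instead of testing the canonical resource the server will actually serve. The following added example shows that weakness class generically, with a vulnerable check beside a hardened one. It is not Unraid's code and does not reproduce the actual CVE-2020-5849 logic; the routes, exemption list and sample requests are assumptions chosen to illustrate the pattern.

```python
"""Generic CWE-697 illustration for an auth gate (added example, not Unraid code)."""
import posixpath
from urllib.parse import unquote

# Hypothetical paths served without a session (static assets).
PUBLIC_PREFIXES = ("/static/images/", "/static/css/")


def is_public_vulnerable(path: str) -> bool:
    """Weak comparison: substring test on the raw request path.

    The check compares the wrong value: any occurrence of a public prefix
    anywhere in the string passes, so a traversal that begins with the prefix,
    or a prefix that only appears in the query string, is treated as public.
    """
    return any(prefix in path for prefix in PUBLIC_PREFIXES)


def canonical_path(path: str) -> str:
    """Decode and normalize the path the way the file server will resolve it."""
    path = path.split("?", 1)[0].split("#", 1)[0]      # drop query and fragment
    path = unquote(path)                                # %2e%2e -> ..
    return posixpath.normpath("/" + path.lstrip("/"))   # collapse . and .. , single leading /


def is_public_fixed(path: str) -> bool:
    """Correct comparison: prefix match on the canonical path only."""
    return canonical_path(path).startswith(PUBLIC_PREFIXES)


def gate(path: str, has_session: bool, check) -> str:
    """Return 'allow' or 'deny' for a request under the given public-path check."""
    if has_session or check(path):
        return "allow"
    return "deny"


# Constructed sample requests, all sent without a session.
SAMPLES = [
    "/static/images/logo.png",                          # legitimately public
    "/static/images/../../admin/config.php",            # traversal past the prefix
    "/static/images/%2e%2e/%2e%2e/admin/config.php",    # URL-encoded traversal
    "/admin/config.php?next=/static/images/",           # prefix only in the query
    "/admin/config.php",                                # plainly private
]


def compare() -> dict:
    """Map each sample path to (decision under weak check, decision under fixed check)."""
    return {
        p: (gate(p, False, is_public_vulnerable), gate(p, False, is_public_fixed))
        for p in SAMPLES
    }


if __name__ == "__main__":
    for p, (weak, fixed) in compare().items():
        print(f"{p:50} weak={weak:5} fixed={fixed}")
```

The hardened check decodes, strips the query, and normalizes before comparing, and it anchors the comparison at the start of the path. Any gate that exempts paths from authentication should be tested with exactly these inputs: encoded and unencoded traversal, and the exempt marker placed in the query rather than the path.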
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-27003
Vulnerability details
Unraid 6.8.0 allows authentication bypass.
- CWE(s): CWE-697 (Incorrect Comparison)
- KEV Date Added: 03 November 2021
Related Threats
No named threat actor has been attributed to this CVE, and no ATT&CK technique mapping is provided.
Affected Assets
- Unraid 6.8.0
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): directly enforces authentication and authorization decisions so that bypassing the credential check cannot grant access to restricted resources.
- IA-2 (Identification and Authentication (Organizational Users)): requires unique identification and authentication of users before access is allowed, directly blocking the unauthenticated network exploitation path described in the CVE.
- AC-17 (Remote Access): restricts and authorizes remote connections, limiting the network attack vector through which the authentication bypass is reached without credentials.