CVE Vulnerabilities

CVE-2020-12967

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Published: May 13, 2021 | Modified: May 25, 2021
CVSS 3.x: 7.2 HIGH
Source: NVD
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 9 HIGH
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.

Weakness

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Affected Software

Name Vendor Start Version End Version
Epyc_7232p Amd - (including) - (including)
Epyc_7251 Amd - (including) - (including)
Epyc_7252 Amd - (including) - (including)
Epyc_7261 Amd - (including) - (including)
Epyc_7262 Amd - (including) - (including)
Epyc_7272 Amd - (including) - (including)
Epyc_7281 Amd - (including) - (including)
Epyc_7282 Amd - (including) - (including)
Epyc_72f3 Amd - (including) - (including)
Epyc_7301 Amd - (including) - (including)
Epyc_7302 Amd - (including) - (including)
Epyc_7302p Amd - (including) - (including)
Epyc_7313 Amd - (including) - (including)
Epyc_7313p Amd - (including) - (including)
Epyc_7343 Amd - (including) - (including)
Epyc_7351 Amd - (including) - (including)
Epyc_7351p Amd - (including) - (including)
Epyc_7352 Amd - (including) - (including)
Epyc_7371 Amd - (including) - (including)
Epyc_73f3 Amd - (including) - (including)
Epyc_7401 Amd - (including) - (including)
Epyc_7401p Amd - (including) - (including)
Epyc_7402 Amd - (including) - (including)
Epyc_7402p Amd - (including) - (including)
Epyc_7413 Amd - (including) - (including)
Epyc_7443 Amd - (including) - (including)
Epyc_7443p Amd - (including) - (including)
Epyc_7451 Amd - (including) - (including)
Epyc_7452 Amd - (including) - (including)
Epyc_7453 Amd - (including) - (including)
Epyc_74f3 Amd - (including) - (including)
Epyc_7501 Amd - (including) - (including)
Epyc_7502 Amd - (including) - (including)
Epyc_7502p Amd - (including) - (including)
Epyc_7513 Amd - (including) - (including)
Epyc_7532 Amd - (including) - (including)
Epyc_7542 Amd - (including) - (including)
Epyc_7543 Amd - (including) - (including)
Epyc_7543p Amd - (including) - (including)
Epyc_7551 Amd - (including) - (including)
Epyc_7551p Amd - (including) - (including)
Epyc_7552 Amd - (including) - (including)
Epyc_75f3 Amd - (including) - (including)
Epyc_7601 Amd - (including) - (including)
Epyc_7642 Amd - (including) - (including)
Epyc_7643 Amd - (including) - (including)
Epyc_7662 Amd - (including) - (including)
Epyc_7663 Amd - (including) - (including)
Epyc_7702 Amd - (including) - (including)
Epyc_7702p Amd - (including) - (including)
Epyc_7713 Amd - (including) - (including)
Epyc_7713p Amd - (including) - (including)
Epyc_7742 Amd - (including) - (including)
Epyc_7763 Amd - (including) - (including)
Epyc_7f32 Amd - (including) - (including)
Epyc_7f52 Amd - (including) - (including)
Epyc_7f72 Amd - (including) - (including)
Epyc_7h12 Amd - (including) - (including)
Epyc_embedded_3101 Amd - (including) - (including)
Epyc_embedded_3151 Amd - (including) - (including)
Epyc_embedded_3201 Amd - (including) - (including)
Epyc_embedded_3251 Amd - (including) - (including)
Epyc_embedded_3255 Amd - (including) - (including)
Epyc_embedded_3351 Amd - (including) - (including)
Epyc_embedded_3451 Amd - (including) - (including)

Extended Description

Command injection vulnerabilities typically occur when:

Many protocols and products have their own custom command language. While OS or shell command strings are frequently discovered and targeted, developers may not realize that these other command languages might also be vulnerable to attacks. Command injection is a common problem with wrapper programs.

Potential Mitigations

  • Assume all input is malicious. Use an “accept known good” input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, “boat” may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as “red” or “blue.”
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code’s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
