CVE-2020-13661
First published: Thu Nov 05 2020(Updated: )
Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser option. Fixed in version 5.0.20204.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Telerik Fiddler | <=5.0.20202.18177 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-13661.
What is the severity score of CVE-2020-13661?
CVE-2020-13661 has a severity score of 8.8 (high).
Which software is affected by CVE-2020-13661?
Telerik Fiddler version 5.0.20202.18177 is affected by CVE-2020-13661.
How can an attacker exploit CVE-2020-13661?
An attacker can exploit CVE-2020-13661 by using a hostname with a trailing space character, followed by specific commands, to execute arbitrary programs.
Are there any references for CVE-2020-13661?
Yes, you can find references for CVE-2020-13661 at the following links: [Link 1](https://www.nagenrauft-consulting.com/blog/), [Link 2](https://www.telerik.com/support/whats-new/fiddler/release-history/fiddler-v5.0.20204), [Link 3](https://www.telerik.com/support/whats-new/release-history).
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/first-publish-date
- agent/tags
- agent/softwarecombine
- agent/description
- agent/event
- vendor/telerik
- canonical/telerik fiddler
- version/telerik fiddler/5.0.20202.18177