Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
RCE
Code Injection
Zenoss Core
NVD
CVSS 2.0
9.3
EPSS
3.0%