CISA Known Exploited Vulnerability

CVE-2020-8816

Pi-hole · AdminLTE

Pi-Hole AdminLTE Remote Code Execution Vulnerability

Date added 2021-12-10

BOD 22-01 due date 2022-06-10

CWE CWE-78

Ransomware Unknown

CISA description

Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.

Apply updates per vendor instructions.

Vulnerability data triggers these controls during assessment and continuous monitoring.