CVE-2020-37002
Deferred Deferred - Pending Action
Authentication Bypass in Ajenti 2.1.36 Enables Remote Code Execution

Publication date: 2026-01-29

Last updated on: 2026-05-26

Assigner: VulnCheck

Description
Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-29
Last Modified
2026-05-26
Generated
2026-06-16
AI Q&A
2026-01-29
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37002
EUVD
EUVD-2020-30913
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ajenti ajenti 2.1.36
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2020-37002 is an authentication bypass vulnerability in Ajenti version 2.1.36 that allows remote attackers to execute arbitrary commands after successfully logging in. Attackers exploit the /api/terminal/create endpoint to send a netcat reverse shell payload, which opens a remote shell connection to a specified IP address and port, enabling full remote code execution on the server. [1, 2]

Impact Analysis

This vulnerability can have severe impacts including unauthorized remote code execution on the affected server. An attacker with valid credentials can gain full shell access, potentially leading to data theft, system compromise, disruption of services, and further network penetration. [1, 2]

Detection Guidance

This vulnerability can be detected by monitoring for unauthorized or suspicious use of the /api/terminal/create endpoint on Ajenti 2.1.36, especially POST requests that include netcat reverse shell payloads. Detection commands could include inspecting web server logs or using network monitoring tools to identify outgoing connections initiated by netcat (nc) commands. For example, you can use commands like `grep '/api/terminal/create' /var/log/nginx/access.log` to find suspicious API calls, or `netstat -anp | grep nc` to detect active netcat connections. Additionally, monitoring for unexpected reverse shell connections on unusual ports can help detect exploitation attempts. [1, 2]

Mitigation Strategies

Immediate mitigation steps include restricting access to the Ajenti management interface to trusted IP addresses, enforcing strong authentication and credential management since the exploit requires valid credentials, and monitoring or blocking usage of the /api/terminal/create endpoint. Applying any available patches or updates to Ajenti that address this vulnerability is critical. Additionally, disabling or restricting the terminal API functionality if not needed can reduce risk. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37002. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart