CVE-2017-9757

Опубликовано: 19 июн. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Высокий

Описание

IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF.

Ссылки

http://www.securityfocus.com/bid/99173
Third Party Advisory
VDB Entry
https://twitter.com/0x09AL/status/873860385652256768
Third Party Advisory
https://www.exploit-db.com/exploits/42149/
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/99173
Third Party Advisory
VDB Entry
https://twitter.com/0x09AL/status/873860385652256768
Third Party Advisory
https://www.exploit-db.com/exploits/42149/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ipfire:ipfire:*:*:*:*:*:*:*:*

Версия до 2.19 (включая)

EPSS

Процентиль: 99%

0.77889

Высокий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-3wvf-5qf9-45fj