CVE-2018-16144

Опубликовано: 05 сент. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Средний

Описание

The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password parameter.

Ссылки

https://knowledge.opsview.com/v5.3/docs/whats-new
Release Notes
Vendor Advisory
https://knowledge.opsview.com/v5.4/docs/whats-new
Release Notes
Vendor Advisory
https://seclists.org/fulldisclosure/2018/Sep/3
Exploit
Mailing List
Third Party Advisory
https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities
Exploit
Third Party Advisory
https://knowledge.opsview.com/v5.3/docs/whats-new
Release Notes
Vendor Advisory
https://knowledge.opsview.com/v5.4/docs/whats-new
Release Notes
Vendor Advisory
https://seclists.org/fulldisclosure/2018/Sep/3
Exploit
Mailing List
Third Party Advisory
https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:opsview:opsview:*:*:*:*:*:*:*:*

Версия до 5.3.1 (исключая)

cpe:2.3:a:opsview:opsview:*:*:*:*:*:*:*:*

Версия от 5.4.0 (включая) до 5.4.2 (исключая)

EPSS

Процентиль: 96%

0.23981

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-58fh-w7mj-2pv4