CVE-2018-16232

Опубликовано: 17 окт. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Средний

Описание

An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands.

Ссылки

https://doddsecurity.com/213/command-injection-on-ipfire-firewalls/
Exploit
Vendor Advisory
https://www.ipfire.org/news/ipfire-2-21-core-update-124-released
Patch
Vendor Advisory
https://doddsecurity.com/213/command-injection-on-ipfire-firewalls/
Exploit
Vendor Advisory
https://www.ipfire.org/news/ipfire-2-21-core-update-124-released
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ipfire:ipfire:1.49:*:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.1:*:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.1:core_update16:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.11:core_update53:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.11:core_update54:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.11:core_update59:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.11:core_update60:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.11:core_update62:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.11:core_update64:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.13:core_update66:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.13:core_update67:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.13:core_update71:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.13:core_update72:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.13:core_update73:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.13:core_update74:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.13:core_update75:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.13:core_update76:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.13:rc_1:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.13:rc_2:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.15:76_rc1:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.15:77_rc1:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.15:77_rc2:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.15:core_update79:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.15:core_update81:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.15:core_update82:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.15:core_update83:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.15:core_update84:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.15:core_update85:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.17:86_beta1:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.17:87_rc1:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.17:core_update88:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.17:core_update89:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.17:core_update91:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.17:core_update93:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.17:core_update95:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.17:core_update97:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.17:core_update98:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.17:core_update99:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.19:core_update100:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.19:core_update101:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.19:core_update102:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.19:core_update105:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.19:core_update106:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.19:core_update107:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.19:core_update108:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.19:core_update111:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.19:core_update112:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.19:core_update113:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.19:core_update114:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.19:core_update116:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.19:core_update117:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.19:core_update118:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.19:core_update119:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.19:core_update120:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.21:core_update122:*:*:*:*:*:*

cpe:2.3:a:ipfire:ipfire:2.21:core_update123:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.38479

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-pprx-2p4p-r72p