exploitDog

CVE-2018-17431

Опубликовано: 30 янв. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Критический

Описание

Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.

Ссылки

http://packetstormsecurity.com/files/159246/Comodo-Unified-Threat-Management-Web-Console-2.7.0-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://drive.google.com/file/d/0BzFJhNQNHcoTbndsUmNjVWNGYWNJaWxYcWNyS2ZDajluTDFz/view
Permissions Required
Third Party Advisory
https://github.com/Fadavvi/CVE-2018-17431-PoC#confirmation-than-bug-exist-2018-09-25-ticket-id-xwr-503-79437
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/159246/Comodo-Unified-Threat-Management-Web-Console-2.7.0-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://drive.google.com/file/d/0BzFJhNQNHcoTbndsUmNjVWNGYWNJaWxYcWNyS2ZDajluTDFz/view
Permissions Required
Third Party Advisory
https://github.com/Fadavvi/CVE-2018-17431-PoC#confirmation-than-bug-exist-2018-09-25-ticket-id-xwr-503-79437
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:comodo:unified_threat_management_firewall:*:*:*:*:*:*:*:*

Версия до 2.7.0 (исключая)

EPSS

Процентиль: 100%

0.92083

Критический

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-7479-2r5v-v4vj

CVSS3: 9.8

github

больше 3 лет назад

Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.

EPSS

Процентиль: 100%

0.92083

Критический

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287