CVE-2019-12584

Опубликовано: 03 июн. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.

Ссылки

https://ctrsec.io/index.php/2019/05/28/cve-2019-12584-12585-command-injection-vulnerability-on-pfsense-2-4-4-release-p3/
https://github.com/pfsense/FreeBSD-ports/commit/b492c0ea47aba8dde2f14183e71498ba207594e3
Patch
Third Party Advisory
https://redmine.pfsense.org/issues/9556
Third Party Advisory
https://ctrsec.io/index.php/2019/05/28/cve-2019-12584-12585-command-injection-vulnerability-on-pfsense-2-4-4-release-p3/
https://github.com/pfsense/FreeBSD-ports/commit/b492c0ea47aba8dde2f14183e71498ba207594e3
Patch
Third Party Advisory
https://redmine.pfsense.org/issues/9556
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apcupsd:apcupsd:0.3.91_5:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:netgate:pfsense:*:*:*:*:*:*:*:*

Версия до 2.4.4 (исключая)

cpe:2.3:a:netgate:pfsense:2.4.4:-:*:*:*:*:*:*

cpe:2.3:a:netgate:pfsense:2.4.4:p1:*:*:*:*:*:*

cpe:2.3:a:netgate:pfsense:2.4.4:p2:*:*:*:*:*:*

cpe:2.3:a:netgate:pfsense:2.4.4:p3:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04715

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2019-12584

CVSS3: 6.1

debian

больше 6 лет назад

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and othe ...

GHSA-rq9v-rxgf-2vq4

CVSS3: 6.1

github

больше 3 лет назад

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.

EPSS

Процентиль: 89%

0.04715

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79