CVE-2019-12585

Опубликовано: 03 июн. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.

Ссылки

https://ctrsec.io/index.php/2019/05/28/cve-2019-12584-12585-command-injection-vulnerability-on-pfsense-2-4-4-release-p3/
https://github.com/pfsense/FreeBSD-ports/commit/b492c0ea47aba8dde2f14183e71498ba207594e3
Patch
Third Party Advisory
https://redmine.pfsense.org/issues/9556
Issue Tracking
Third Party Advisory
https://ctrsec.io/index.php/2019/05/28/cve-2019-12584-12585-command-injection-vulnerability-on-pfsense-2-4-4-release-p3/
https://github.com/pfsense/FreeBSD-ports/commit/b492c0ea47aba8dde2f14183e71498ba207594e3
Patch
Third Party Advisory
https://redmine.pfsense.org/issues/9556
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apcupsd:apcupsd:0.3.91_5:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:netgate:pfsense:*:*:*:*:*:*:*:*

Версия до 2.4.4 (исключая)

cpe:2.3:a:netgate:pfsense:2.4.4:-:*:*:*:*:*:*

cpe:2.3:a:netgate:pfsense:2.4.4:p1:*:*:*:*:*:*

cpe:2.3:a:netgate:pfsense:2.4.4:p2:*:*:*:*:*:*

cpe:2.3:a:netgate:pfsense:2.4.4:p3:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.11683

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

CVE-2019-12585

CVSS3: 9.8

debian

больше 6 лет назад

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and othe ...

GHSA-h8cj-r9q8-q267

CVSS3: 9.8

github

больше 3 лет назад

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.

EPSS

Процентиль: 93%

0.11683

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78