Описание
An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 65.0.0 (включая)
cpe:2.3:a:netsas:enigma_network_management_solution:*:*:*:*:*:*:*:*
EPSS
Процентиль: 100%
0.89311
Высокий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
github
почти 4 года назад
An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action.
EPSS
Процентиль: 100%
0.89311
Высокий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-78