CVE-2021-27201

Опубликовано: 15 фев. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment.

Ссылки

https://github.com/MucahitSaratar/endian_firewall_authenticated_rce
Exploit
Third Party Advisory
https://sourceforge.net/projects/efw/files/Development/EFW-3.3.2/
Release Notes
Third Party Advisory
https://www.endian.com/company/news/endian-community-releases-new-version-332-148/
Release Notes
Vendor Advisory
https://github.com/MucahitSaratar/endian_firewall_authenticated_rce
Exploit
Third Party Advisory
https://sourceforge.net/projects/efw/files/Development/EFW-3.3.2/
Release Notes
Third Party Advisory
https://www.endian.com/company/news/endian-community-releases-new-version-332-148/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:endian:firewall_community:3.3.2:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01609

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-v5rr-334g-rqm6