Vulnerability Name:

CVE-2007-4390 (CCN-36082)

Assigned:2007-08-16
Published:2007-08-16
Updated:2018-10-15
Summary:The Command Line Interface (CLI), aka Adonis Administration Console, on the BlueCat Networks Adonis DNS/DHCP appliance 5.0.2.8 allows local admin users to gain root privileges on the underlying operating system via shell metacharacters in a command.
CVSS v3 Severity:8.2 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
6.2 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: BugTraq Mailing List, Fri Jul 27 2007 - 06:36:40 CDT
TS-2007-003-0: BlueCat Networks Adonis CLI root privilege escalation

Source: MITRE
Type: CNA
CVE-2007-4390

Source: OSVDB
Type: UNKNOWN
39398

Source: CCN
Type: SA26495
BlueCat Networks Adonis CLI Privilege Escalation Vulnerability

Source: SECUNIA
Type: Vendor Advisory
26495

Source: SREASON
Type: UNKNOWN
3025

Source: CCN
Type: SECTRACK ID: 1018584
Adonis Command Line Interface Lets Local Administrative Users Gain Root Privileges

Source: CCN
Type: BlueCat Adonis Web site
Adonis DNS management appliances, DNS server - BlueCat Networks

Source: CCN
Type: OSVDB ID: 39398
BlueCat Networks Adonis CLI Local Privilege Escalation

Source: BUGTRAQ
Type: UNKNOWN
20070816 TS-2007-003-0: BlueCat Networks Adonis CLI root privilege escalation

Source: BUGTRAQ
Type: UNKNOWN
20070820 Re: TS-2007-003-0: BlueCat Networks Adonis CLI root privilege escalation

Source: BID
Type: UNKNOWN
25342

Source: CCN
Type: BID-25342
BlueCat Networks Adonis CLI Remote Privilege Escalation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018584

Source: XF
Type: UNKNOWN
adonis-dnsdhcpcli-privilege-escalation(36082)

Vulnerable Configuration:Configuration 1:
  • cpe:/h:bluecat_networks:adonis:5.0.2.8:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    bluecat_networks adonis 5.0.2.8