| Vulnerability Name: | CVE-2012-0261 (CCN-72045) | ||||||||
| Assigned: | 2011-12-29 | ||||||||
| Published: | 2011-12-29 | ||||||||
| Updated: | 2014-01-02 | ||||||||
| Summary: | license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-94 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2012-0261 Source: CCN Type: Metasploit Modules OP5 license.php Remote Command Execution Source: FULLDISC Type: UNKNOWN 20120102 OP5 Monitor - Multiple Vulnerabilities Source: CCN Type: SA47417 op5 Appliance Two Command Execution Vulnerabilities Source: SECUNIA Type: Vendor Advisory 47417 Source: MISC Type: UNKNOWN http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf Source: CCN Type: op5 Web Site FIXED VULNERABILITIES FOR OP5 MONITOR AND OP5 APPLIANCE Source: CONFIRM Type: UNKNOWN http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/ Source: OSVDB Type: UNKNOWN 78064 Source: CCN Type: OSVDB ID: 78064 op5 Appliance system-portal Component license.php timestamp Parameter Remote Shell Command Execution Source: CCN Type: BID-51212 op5 Appliance Multiple Remote Command Execution Vulnerabilities Source: CONFIRM Type: UNKNOWN https://bugs.op5.com/view.php?id=5094 Source: XF Type: UNKNOWN op5-systemportal-code-execution(72045) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||