CVE-2012-0261

license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf
http://secunia.com/advisories/47417	Vendor Advisory
http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/
http://www.osvdb.org/78064
http://seclists.org/fulldisclosure/2012/Jan/62
https://bugs.op5.com/view.php?id=5094

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:op5:monitor:5.3.5:::::::*
	cpe:2.3:a:op5:system-portal::::::::
	cpe:2.3:a:op5:monitor:5.5.0:::::::*
	cpe:2.3:a:op5:monitor:5.4.0:::::::*
	cpe:2.3:a:op5:monitor::::::::
	cpe:2.3:a:op5:monitor:5.4.2:::::::*

Information

Published : 2013-12-31 12:55

Updated : 2014-01-02 08:24

NVD link : CVE-2012-0261

Mitre link : CVE-2012-0261

JSON object : View

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

Products Affected

op5

monitor
system-portal

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf", "name": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf", "tags": [], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/47417", "name": "47417", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/", "name": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.osvdb.org/78064", "name": "78064", "tags": [], "refsource": "OSVDB"}, {"url": "http://seclists.org/fulldisclosure/2012/Jan/62", "name": "20120102 OP5 Monitor - Multiple Vulnerabilities", "tags": [], "refsource": "FULLDISC"}, {"url": "https://bugs.op5.com/view.php?id=5094", "name": "https://bugs.op5.com/view.php?id=5094", "tags": [], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-0261", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-12-31T20:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:op5:monitor:5.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:op5:system-portal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.6.1"}, {"cpe23Uri": "cpe:2.3:a:op5:monitor:5.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:op5:monitor:5.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.5.1"}, {"cpe23Uri": "cpe:2.3:a:op5:monitor:5.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-01-02T16:24Z"}