CVE-2017-1000473

Published: Jan 3, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as root.

Affected (1)

Products: Linux Dash Project: Linux Dash

Linux Dash Project

1 product

Linux Dash

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Dash Project Linux Dash	Before 2.0

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

https://github.com/afaqurk/linux-dash/issues/447

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party Advisory

https://github.com/afaqurk/linux-dash/issues/447

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

Timeline

No history available yet.