CVE-2018-12237

Published: Jan 24, 2019Modified: Nov 21, 2024

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.

Affected (2)

Products: Symantec: Reporter

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Symantec Reporter	From 10.1 to 10.1.5.6
Symantec Reporter	From 10.2 to 10.2.1.8

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

http://www.securityfocus.com/bid/106518

Source: secure@symantec.com

Third Party AdvisoryVDB Entry

https://support.symantec.com/en_US/article.SYMSA1465.html

Source: secure@symantec.com

Vendor Advisory

http://www.securityfocus.com/bid/106518

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://support.symantec.com/en_US/article.SYMSA1465.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.