← Back

CVE-2018-16232

nvd nist
Published: Oct 17, 2018Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands.

Affected (56)

Products: Ipfire: Ipfire
Ipfire
1 product
Ipfire
Configuration A
56 vulnerable
Vulnerable SoftwareAffected Versions
Ipfire
Ipfire
Version 1.49
Ipfire
Version 2.11 core_update53
Ipfire
Version 2.11 core_update54
Ipfire
Version 2.11 core_update59
Ipfire
Version 2.11 core_update60
Ipfire
Version 2.11 core_update62
Ipfire
Version 2.11 core_update64
Ipfire
Version 2.13 core_update66
Ipfire
Version 2.13 core_update67
Ipfire
Version 2.13 core_update71
Ipfire
Version 2.13 core_update72
Ipfire
Version 2.13 core_update73
Ipfire
Version 2.13 core_update74
Ipfire
Version 2.13 core_update75
Ipfire
Version 2.13 core_update76
Ipfire
Version 2.13 rc_1
Ipfire
Version 2.13 rc_2
Ipfire
Version 2.15 76_rc1
Ipfire
Version 2.15 77_rc1
Ipfire
Version 2.15 77_rc2
Ipfire
Version 2.15 core_update79
Ipfire
Version 2.15 core_update81
Ipfire
Version 2.15 core_update82
Ipfire
Version 2.15 core_update83
Ipfire
Version 2.15 core_update84
Ipfire
Version 2.15 core_update85
Ipfire
Version 2.17 86_beta1
Ipfire
Version 2.17 87_rc1
Ipfire
Version 2.17 core_update88
Ipfire
Version 2.17 core_update89
Ipfire
Version 2.17 core_update91
Ipfire
Version 2.17 core_update93
Ipfire
Version 2.17 core_update95
Ipfire
Version 2.17 core_update97
Ipfire
Version 2.17 core_update98
Ipfire
Version 2.17 core_update99
Ipfire
Version 2.19 core_update100
Ipfire
Version 2.19 core_update101
Ipfire
Version 2.19 core_update102
Ipfire
Version 2.19 core_update105
Ipfire
Version 2.19 core_update106
Ipfire
Version 2.19 core_update107
Ipfire
Version 2.19 core_update108
Ipfire
Version 2.19 core_update111
Ipfire
Version 2.19 core_update112
Ipfire
Version 2.19 core_update113
Ipfire
Version 2.19 core_update114
Ipfire
Version 2.19 core_update116
Ipfire
Version 2.19 core_update117
Ipfire
Version 2.19 core_update118
Ipfire
Version 2.19 core_update119
Ipfire
Version 2.19 core_update120
Ipfire
Version 2.1
Ipfire
Version 2.1 core_update16
Ipfire
Version 2.21 core_update122
Ipfire
Version 2.21 core_update123

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

Source: cve@mitre.org
ExploitVendor Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.