CVE-2019-12585

Published: Jun 3, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.

Affected (6)

Products: Apcupsd: Apcupsd · Netgate: Pfsense

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apcupsd Apcupsd	Version 0.3.91_5

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Netgate Pfsense	Before 2.4.4
Netgate Pfsense	Version 2.4.4
Netgate Pfsense	Version 2.4.4 p1
Netgate Pfsense	Version 2.4.4 p2
Netgate Pfsense	Version 2.4.4 p3

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (6)

https://ctrsec.io/index.php/2019/05/28/cve-2019-12584-12585-command-injection-vulnerability-on-pfsense-2-4-4-release-p3/

Source: cve@mitre.org

https://github.com/pfsense/FreeBSD-ports/commit/b492c0ea47aba8dde2f14183e71498ba207594e3

Source: cve@mitre.org

PatchThird Party Advisory

https://redmine.pfsense.org/issues/9556

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://ctrsec.io/index.php/2019/05/28/cve-2019-12584-12585-command-injection-vulnerability-on-pfsense-2-4-4-release-p3/

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/pfsense/FreeBSD-ports/commit/b492c0ea47aba8dde2f14183e71498ba207594e3

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://redmine.pfsense.org/issues/9556

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.