Vulnerability CVE-2007-1836


Published: 2007-04-02   Modified: 2012-02-12

Description:
The command line administration interface in Data Domain OS before 4.0.3.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain arguments to various commands, as demonstrated by the interface argument to the (1) ifconfig and (2) ping commands.

See advisories in our WLB2 database:
Topic: Arbitrary Command Execution in DataDomain Administrator Interface (Med.)
Author: Elliot Kendall
Date: 05.04.2007

Type: CWE-Other

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score: 9/10
Impact Subscore: 10/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete
Affected software: Data domain -> Data domain os

References:
http://securityreason.com/securityalert/2516
http://www.securityfocus.com/archive/1/464085/100/0/threaded
http://www.securityfocus.com/bid/23182
https://exchange.xforce.ibmcloud.com/vulnerabilities/33291

Copyright 2024, cxsecurity.com

 
