Vulnerability CVE-2013-7418
Published: 2015-01-02   Modified: 2015-01-03

Description:
cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability.

Type:

CWE-77

 (Improper Neutralization of Special Elements used in a Command ('Command Injection'))

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Ipcop -> Ipcop 

 References:
http://www.asafety.fr/vuln-exploit-poc/xss-rce-ipcop-2-1-4-remote-command-execution/
http://sourceforge.net/p/ipcop/bugs/807/
http://packetstormsecurity.com/files/129697/IPCop-2.1.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
Copyright 2024, cxsecurity.com

 

Back to Top