CVE-2012-5520

Exploit

EPSS 2.13%
Veröffentlicht 26.11.2012 12:45:22
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openvas ≫ Openvas Manager Version3.0 Updatebeta1

Openvas ≫ Openvas Manager Version3.0 Updatebeta2

Openvas ≫ Openvas Manager Version3.0 Updatebeta3

Openvas ≫ Openvas Manager Version3.0 Updatebeta4

Openvas ≫ Openvas Manager Version3.0 Updatebeta5

Openvas ≫ Openvas Manager Version3.0 Updatebeta6

Openvas ≫ Openvas Manager Version3.0 Updatebeta7

Openvas ≫ Openvas Manager Version3.0 Updatebeta8

Openvas ≫ Openvas Manager Version3.0 Updaterc1

Openvas ≫ Openvas Manager Version3.0.0

Openvas ≫ Openvas Manager Version3.0.1

Openvas ≫ Openvas Manager Version3.0.2

Openvas ≫ Openvas Manager Version3.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.13%	0.835

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://archives.neohapsis.com/archives/bugtraq/2012-11/0047.html

http://archives.neohapsis.com/archives/bugtraq/2012-11/0055.html

http://archives.neohapsis.com/archives/bugtraq/2012-11/0059.html

http://openwall.com/lists/oss-security/2012/11/13/12

http://openwall.com/lists/oss-security/2012/11/13/9

http://openwall.com/lists/oss-security/2012/11/14/11

http://openwall.com/lists/oss-security/2012/11/14/5

http://secunia.com/advisories/49128

http://wald.intevation.org/scm/viewvc.php?view=rev&root=openvas&revision=14437

http://www.openvas.org/OVSA20121112.html

Patch

Vendor Advisory