CVE-2015-5453

Exploit

EPSS 72.45%
Published 08.07.2015 15:59:05
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Watchguard ≫ Xcs Version9.2

Watchguard ≫ Xcs Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	72.45%	0.987

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

http://packetstormsecurity.com/files/132498/Watchguard-XCS-10.0-SQL-Injection-Command-Execution.html

Exploit

http://packetstormsecurity.com/files/133721/Watchguard-XCS-Remote-Command-Execution.html

Exploit

http://www.rapid7.com/db/modules/exploit/freebsd/http/watchguard_cmd_exec

http://www.security-assessment.com/files/documents/advisory/Watchguard-XCS-final.pdf

Exploit

http://www.securityfocus.com/bid/75516

http://www.watchguard.com/support/release-notes/xcs/10/en-US/EN_Release_Notes_XCS_v10_0_Security_Hotfix/EN_Release_Notes_XCS_v10_0_Security_Hotfix.pdf

Vendor Advisory

http://www.watchguard.com/support/release-notes/xcs/9/en-US/EN_ReleaseNotes_XCS_9_2_Security_Hotfix/EN_Release_Notes_XCS_v9_2_Security_Hotfix.pdf

Vendor Advisory