8.8

CVE-2018-16232

Exploit
An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands.
Data is provided by the National Vulnerability Database (NVD)
Ipfire Ipfire Version 1.49
Ipfire Ipfire Version 2.1
Ipfire Ipfire Version 2.1 Update core_update16
Ipfire Ipfire Version 2.11 Update core_update53
Ipfire Ipfire Version 2.11 Update core_update54
Ipfire Ipfire Version 2.11 Update core_update59
Ipfire Ipfire Version 2.11 Update core_update60
Ipfire Ipfire Version 2.11 Update core_update62
Ipfire Ipfire Version 2.11 Update core_update64
Ipfire Ipfire Version 2.13 Update core_update66
Ipfire Ipfire Version 2.13 Update core_update67
Ipfire Ipfire Version 2.13 Update core_update71
Ipfire Ipfire Version 2.13 Update core_update72
Ipfire Ipfire Version 2.13 Update core_update73
Ipfire Ipfire Version 2.13 Update core_update74
Ipfire Ipfire Version 2.13 Update core_update75
Ipfire Ipfire Version 2.13 Update core_update76
Ipfire Ipfire Version 2.13 Update rc_1
Ipfire Ipfire Version 2.13 Update rc_2
Ipfire Ipfire Version 2.15 Update 76_rc1
Ipfire Ipfire Version 2.15 Update 77_rc1
Ipfire Ipfire Version 2.15 Update 77_rc2
Ipfire Ipfire Version 2.15 Update core_update79
Ipfire Ipfire Version 2.15 Update core_update81
Ipfire Ipfire Version 2.15 Update core_update82
Ipfire Ipfire Version 2.15 Update core_update83
Ipfire Ipfire Version 2.15 Update core_update84
Ipfire Ipfire Version 2.15 Update core_update85
Ipfire Ipfire Version 2.17 Update 86_beta1
Ipfire Ipfire Version 2.17 Update 87_rc1
Ipfire Ipfire Version 2.17 Update core_update88
Ipfire Ipfire Version 2.17 Update core_update89
Ipfire Ipfire Version 2.17 Update core_update91
Ipfire Ipfire Version 2.17 Update core_update93
Ipfire Ipfire Version 2.17 Update core_update95
Ipfire Ipfire Version 2.17 Update core_update97
Ipfire Ipfire Version 2.17 Update core_update98
Ipfire Ipfire Version 2.17 Update core_update99
Ipfire Ipfire Version 2.19 Update core_update100
Ipfire Ipfire Version 2.19 Update core_update101
Ipfire Ipfire Version 2.19 Update core_update102
Ipfire Ipfire Version 2.19 Update core_update105
Ipfire Ipfire Version 2.19 Update core_update106
Ipfire Ipfire Version 2.19 Update core_update107
Ipfire Ipfire Version 2.19 Update core_update108
Ipfire Ipfire Version 2.19 Update core_update111
Ipfire Ipfire Version 2.19 Update core_update112
Ipfire Ipfire Version 2.19 Update core_update113
Ipfire Ipfire Version 2.19 Update core_update114
Ipfire Ipfire Version 2.19 Update core_update116
Ipfire Ipfire Version 2.19 Update core_update117
Ipfire Ipfire Version 2.19 Update core_update118
Ipfire Ipfire Version 2.19 Update core_update119
Ipfire Ipfire Version 2.19 Update core_update120
Ipfire Ipfire Version 2.21 Update core_update122
Ipfire Ipfire Version 2.21 Update core_update123
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 38.48% | 0.969
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov | 6.5 | 8 | 6.4 | AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.