CVE-2007-1836

The command line administration interface in Data Domain OS before 4.0.3.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain arguments to various commands, as demonstrated by the interface argument to the (1) ifconfig and (2) ping commands.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/34537
http://secunia.com/advisories/24666
http://securityreason.com/securityalert/2516
http://www.securityfocus.com/archive/1/464085/100/0/threaded
http://www.securityfocus.com/bid/23182
https://exchange.xforce.ibmcloud.com/vulnerabilities/33291

Configurations

Configuration 1 (hide)

cpe:2.3:o:data_domain:data_domain_os:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-04-03 00:19

Updated : 2024-02-28 11:01

NVD link : CVE-2007-1836

Mitre link : CVE-2007-1836

CVE.ORG link : CVE-2007-1836

JSON object : View

Products Affected

data_domain

data_domain_os

CWE

NVD-CWE-Other

{"id": "CVE-2007-1836", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-04-03T00:19:00.000", "references": [{"url": "http://osvdb.org/34537", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24666", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2516", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/464085/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/23182", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33291", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The command line administration interface in Data Domain OS before 4.0.3.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain arguments to various commands, as demonstrated by the interface argument to the (1) ifconfig and (2) ping commands."}, {"lang": "es", "value": "La linea de comando de la interafaz de administraci\u00f3n en Data Domain OS anterior a 4.0.3.6 permite a usuarios remotos validados ejecutar comandos de su elecci\u00f3n a trav\u00e9s de los metacaracteres de la shell en ciertos argumentos en varios comandos, como se demostr\u00f3 por los argumentos del interfaz en los comandos (1) ifconfig y (2) ping."}], "lastModified": "2018-10-16T16:40:49.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:data_domain:data_domain_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71AD696B-4E4E-4216-9CFC-4AC0408AFD1A", "versionEndIncluding": "4.0.3.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}