CVE-2018-16232

{"id": "CVE-2018-16232", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-10-17T14:29:01.163", "references": [{"url": "https://doddsecurity.com/213/command-injection-on-ipfire-firewalls/", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.ipfire.org/news/ipfire-2-21-core-update-124-released", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos autenticada en IPFire Firewall en versiones anteriores a la 2.21 Core Update 124 en backup.cgi. Esto permite que un usuario autenticado con privilegios para la p\u00e1gina afectada ejecute comandos arbitrarios."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ipfire:ipfire:1.49:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B0D188D-1FEF-4D8D-8F7B-FDEC5B1D5C62"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95E14CC2-01A9-4DAF-8C35-80EEE8261B05"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.1:core_update16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "010CC3DA-152C-43BA-ADEC-872437818293"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.11:core_update53:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16D54BA8-1213-4196-B8BF-F67D31091474"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.11:core_update54:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0D3621F-C72B-4F87-A159-784A5B9F12A7"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.11:core_update59:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DA7EB5C-60B3-4E7F-826B-F4FAF75A0B3D"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.11:core_update60:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2E6BA4C-342B-406F-B4DA-A493DFEF6CED"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.11:core_update62:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C632AB41-57BE-4AF4-8137-073018EB3D3D"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.11:core_update64:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B6EE7BE-B919-4C5C-B2AF-B0601F805469"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update66:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FB71E3F-EE6D-4FE8-ABDB-AC109FB48525"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update67:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81D6644A-A427-411D-AAA0-D30251361C0F"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update71:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCC6E491-E87F-41E2-908E-0D3DC54B98F7"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update72:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11AF1643-8CB1-48AE-A551-5BA3EE7DCCE1"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update73:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80D0B2A5-9BF2-45D0-8BD0-A13C8EDC088C"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update74:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B865AA4B-8E5F-435B-BAB8-A8683EE662A1"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update75:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F80F6AE-8839-4C88-BEB7-2748731B0506"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update76:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "478865C5-0CC8-4C61-98B2-F710D4721577"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.13:rc_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E59A7FBC-4003-4B34-BA07-BC4FDCF50CF5"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.13:rc_2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96DCD3B6-298D-4B75-8060-AD6672AD6082"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.15:76_rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02F4735A-4596-417E-8E66-B09D03D028E7"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.15:77_rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9F04F47-654D-492F-B297-CBD1E46A9339"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.15:77_rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E0674AC-5073-4A9E-8E41-118895C151E5"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.15:core_update79:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DA2BE93-0BE2-4BD9-8DE4-6C8F4FE2FD55"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.15:core_update81:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07391A2D-D0B5-4344-BE10-5AB92EBF4236"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.15:core_update82:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0143C1E8-8682-4BC0-860E-5D551590B912"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.15:core_update83:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DDDC3CB-6E59-4DEE-AA79-C5BC174D7D7E"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.15:core_update84:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35A65A36-F4D9-453B-AFEA-0FD221E024C5"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.15:core_update85:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AF36E7A-228E-438E-B4AE-16812AFD10CA"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.17:86_beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C838817-D42C-40E7-8848-CBF1ADFFCA72"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.17:87_rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25253D7E-25B1-4D5E-83BF-01B338620022"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update88:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57AF09F3-F92D-44A0-ACF5-5B6B71D61F22"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update89:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2B1998C-1DA4-42A0-9019-DEE2F2049CC9"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update91:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5A171F6-3F99-4D70-A890-8475DF21F9F7"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update93:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F31769AB-E4FF-46A8-A158-ACBB3A63F08D"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update95:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30DE72EB-6C09-42B8-9D03-AF7564CFC1C8"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update97:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "559D3B06-2736-47F2-8085-7EEB8CE388B0"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update98:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDA19615-FFCA-462A-8634-011C67E8742E"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update99:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C18B6E06-7E8C-46CF-B047-F179C779A205"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update100:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FBF2D42-5DF7-43A4-8192-DB7EAC2FEA1B"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update101:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "075A68E4-0663-47EB-9142-F0ACDC279A34"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update102:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "121EC799-AB87-4EF8-A660-7E204CE9074C"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update105:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "614873BF-79C2-4059-90E9-B253BCD7DB12"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update106:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10719BE9-6312-4386-B35D-91C1E5385293"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update107:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD6E7DF7-0297-4CAD-B42F-7F00F9C44E49"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update108:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1FB0648-D928-404C-BFAA-C06504849E16"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update111:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2570142D-36DD-43AD-BC59-E7F6CB3E3B0A"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update112:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF8D4C98-B679-4749-BDFE-A927BE8FAD03"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update113:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "517C8F46-F0A1-4CB8-B4CE-9811F95127D8"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update114:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC6AF24F-B218-48DA-9B0B-6900AC102AA2"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update116:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E5D0AA0-BAC7-43EA-9C1F-F83A09355473"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update117:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4E0AB66-F1BE-436A-AD6A-432EA0BDEFAF"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update118:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00A9735D-9D6D-4D1A-AB10-8B5A3DBFDC8F"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update119:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12878218-7835-4B5D-A9DD-B16C80841340"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update120:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0DF9BD4-732E-49D8-AB39-674CEA84257F"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.21:core_update122:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BCC19C9-A006-4052-AE58-5705A796B099"}, {"criteria": "cpe:2.3:a:ipfire:ipfire:2.21:core_update123:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDBA596B-AD90-4B52-AE33-47D15EC97F85"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}