CVE-2018-7567

{"id": "CVE-2018-7567", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2018-03-04T20:29:00.333", "references": [{"url": "https://0day.today/exploit/29938", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://0day.today/exploit/29938", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating \"the behaviour is as designed and needed for different packages to be installed\", \"there is a security warning if the package is not verified by OTRS Group\", and \"there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary."}, {"lang": "es", "value": "** EN DISPUTA ** En el Admin Package Manager en Open Ticket Request System (OTRS) 5.0.0 hasta 5.0.24 y 6.0.0 hasta 6.0.1, los administradores autenticados pueden explotar una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo ciega cargando un archivo opm manipulado mediante un elemento CodeInstall para ejecutar un comando en el servidor mediante la instalaci\u00f3n de paquetes. NOTA: el fabricante discute este problema argumentando que \"el comportamiento se ha dise\u00f1ado as\u00ed y es necesario para que diferentes paquetes sean instalados\", \"hay una advertencia de seguridad si el paquete no est\u00e1 verificado por OTRS Group\" y \"es posible y la responsabilidad de un administrador comprobar los paquetes antes de instalarlos, lo que es posible porque no son binarios\"."}], "lastModified": "2024-11-21T04:12:23.043", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BBE1B55-21B5-431C-A3B1-F86D73EC1090", "versionEndIncluding": "5.0.23", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:otrs:otrs:6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD3ED863-6A35-4774-90BD-C7CEC377D5F3"}, {"criteria": "cpe:2.3:a:otrs:otrs:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2491453A-3458-4D07-94A0-80A1AB8AF0DC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}