An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands.
References
Link | Resource |
---|---|
https://doddsecurity.com/213/command-injection-on-ipfire-firewalls/ | Exploit Vendor Advisory |
https://www.ipfire.org/news/ipfire-2-21-core-update-124-released | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-10-17T14:00:00
Updated: 2018-12-11T22:57:01
Reserved: 2018-08-30T00:00:00
Link: CVE-2018-16232
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-10-17T14:29:01.163
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-16232
JSON object: View
Redhat Information
No data.
CWE