Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.
References
Link | Resource |
---|---|
https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-05-19T19:29:41
Updated: 2020-05-19T19:29:41
Reserved: 2020-05-19T00:00:00
Link: CVE-2020-13167
NVD Information
Status: Analyzed
Published: 2020-05-19T20:15:10.147
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-13167
Redhat Information
No data.
CWE