CVE-2021-42372

Sažetak

A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service.

Reference

https://stor2rrd.com/note730.php
https://lpar2rrd.com/note730.php
https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-pgp3-5j2p

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

03-09-2022 - 03:39

Objavljeno

08-11-2021 - 05:15