Lucene search

[email protected]CVE-2010-0418

HistoryMar 10, 2010 - 8:13 p.m.

CVE-2010-0418

2010-03-1020:13:03

CWE-78

[email protected]

web.nvd.nist.gov

cve-2010-0418

chumby one

remote code execution

web interface

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.4%

JSON

The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request.

Affected configurations

NVD

Node

chumbychumby_oneRange≤1.0.3

chumbychumby_oneMatch1.0.2

Node

chumbychumby_classicRange≤1.7.1

chumbychumby_classicMatch0.9

chumbychumby_classicMatch1.1

chumbychumby_classicMatch1.2

chumbychumby_classicMatch1.4

chumbychumby_classicMatch1.5

chumbychumby_classicMatch1.6

chumbychumby_classicMatch1.7

CPENameOperatorVersion
chumby:chumby_onechumby chumby onele1.0.3
chumby:chumby_onechumby chumby oneeq1.0.2

CPE	Name	Operator	Version
chumby:chumby_one	chumby chumby one	le	1.0.3
chumby:chumby_one	chumby chumby one	eq	1.0.2

References

secunia.com/advisories/38972

www.awe.com/mark/blog/20100305.html

www.chumby.com/pages/release10mar

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.4%

JSON

Related for CVE-2010-0418

cvelist1 prion1 nvd1