CVE-2010-2892

2010-11-1521:00:03

CWE-20

[email protected]

web.nvd.nist.gov

cve-2010-2892

landesk management gateway

remote code execution

authentication bypass

command injection

csrf attack

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

7.3 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

90.1%

JSON

gsb/drivers.php in LANDesk Management Gateway 4.0 through 4.0-1.48 and 4.2 through 4.2-1.8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the DRIVES parameter, as demonstrated by a cross-site request forgery (CSRF) attack.

Affected configurations

NVD

Node

landeskmanagement_gatewayMatch4.0

landeskmanagement_gatewayMatch4.0-1.48

landeskmanagement_gatewayMatch4.2

landeskmanagement_gatewayMatch4.2-1.8

CPENameOperatorVersion
landesk:management_gatewaylandesk management gatewayeq4.0
landesk:management_gatewaylandesk management gatewayeq4.0-1.48
landesk:management_gatewaylandesk management gatewayeq4.2
landesk:management_gatewaylandesk management gatewayeq4.2-1.8

CPE	Name	Operator	Version
landesk:management_gateway	landesk management gateway	eq	4.0
landesk:management_gateway	landesk management gateway	eq	4.0-1.48
landesk:management_gateway	landesk management gateway	eq	4.2
landesk:management_gateway	landesk management gateway	eq	4.2-1.8