Lucene search

K
cve[email protected]CVE-2010-3752
HistoryOct 05, 2010 - 10:00 p.m.

CVE-2010-3752

2010-10-0522:00:05
CWE-78
web.nvd.nist.gov
30
openswan
cve-2010-3752
security vulnerability
remote gateway
arbitrary commands

7.1 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.024 Low

EPSS

Percentile

89.9%

programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302.

Affected configurations

NVD
Node
xeleranceopenswanMatch2.6.25
OR
xeleranceopenswanMatch2.6.26
OR
xeleranceopenswanMatch2.6.27
OR
xeleranceopenswanMatch2.6.28

7.1 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.024 Low

EPSS

Percentile

89.9%