CVE-2010-3752

2010-10-0522:00:05

CWE-78

[email protected]

web.nvd.nist.gov

openswan

cve-2010-3752

security vulnerability

remote gateway

arbitrary commands

7.1 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.024 Low

EPSS

Percentile

89.9%

JSON

programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302.

Affected configurations

NVD

Node

xeleranceopenswanMatch2.6.25

xeleranceopenswanMatch2.6.26

xeleranceopenswanMatch2.6.27

xeleranceopenswanMatch2.6.28

CPENameOperatorVersion
xelerance:openswanxelerance openswaneq2.6.25
xelerance:openswanxelerance openswaneq2.6.26
xelerance:openswanxelerance openswaneq2.6.27
xelerance:openswanxelerance openswaneq2.6.28

CPE	Name	Operator	Version
xelerance:openswan	xelerance openswan	eq	2.6.25
xelerance:openswan	xelerance openswan	eq	2.6.26
xelerance:openswan	xelerance openswan	eq	2.6.27
xelerance:openswan	xelerance openswan	eq	2.6.28