Lucene search

K
cve[email protected]CVE-2010-3752
HistoryOct 05, 2010 - 10:00 p.m.

CVE-2010-3752

2010-10-0522:00:05
CWE-78
web.nvd.nist.gov
30
openswan
cve-2010-3752
security vulnerability
remote gateway
arbitrary commands

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.024 Low

EPSS

Percentile

89.9%

programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302.

Affected configurations

NVD
Node
xeleranceopenswanMatch2.6.25
OR
xeleranceopenswanMatch2.6.26
OR
xeleranceopenswanMatch2.6.27
OR
xeleranceopenswanMatch2.6.28

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.024 Low

EPSS

Percentile

89.9%