Lucene search

[email protected]CVE-2013-3631

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-3631

2022-10-0316:14:45

CWE-94

[email protected]

web.nvd.nist.gov

nas4free

remote code execution

php

cve-2013-3631

security vulnerability

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.457 Medium

EPSS

Percentile

97.4%

JSON

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the “Advanced | Execute Command” feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality by the developer and is allowed within the intended security policy.

Affected configurations

NVD

Node

nas4freenas4freeRange≤9.1.0.1.804

nas4freenas4freeMatch9.1.0.1.798

CPENameOperatorVersion
nas4free:nas4freenas4freele9.1.0.1.804
nas4free:nas4freenas4freeeq9.1.0.1.798

CPE	Name	Operator	Version
nas4free:nas4free	nas4free	le	9.1.0.1.804
nas4free:nas4free	nas4free	eq	9.1.0.1.798

References

www.kb.cert.org/vuls/id/326830

community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.457 Medium

EPSS

Percentile

97.4%

JSON

Related for CVE-2013-3631

cert1 zdt1 packetstorm1 checkpoint_advisories1 prion1 nvd1 cvelist1