CVE-2013-6881

2014-01-0717:04:51

CWE-78

[email protected]

web.nvd.nist.gov

cru

ditto forensic fieldstation

firmware

remote attack

command execution

cve-2013-6881

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.033 Low

EPSS

Percentile

91.4%

JSON

CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task.

Affected configurations

NVD

Node

cru-incditto_forensic_fieldstation_firmwareRange≤2013jun30a

AND

cru-incditto_forensic_fieldstationMatch-

CPENameOperatorVersion
cru-inc:ditto_forensic_fieldstation_firmwarecru-inc ditto forensic fieldstation firmwarele2013jun30a
cru-inc:ditto_forensic_fieldstationcru-inc ditto forensic fieldstationeq-

CPE	Name	Operator	Version
cru-inc:ditto_forensic_fieldstation_firmware	cru-inc ditto forensic fieldstation firmware	le	2013jun30a
cru-inc:ditto_forensic_fieldstation	cru-inc ditto forensic fieldstation	eq	-