CVE-2013-7394

2014-08-0711:13:34

CWE-94

mitre

web.nvd.nist.gov

splunk

cve-2013-7394

remote code execution

security vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.955

Percentile

99.4%

JSON

The “runshellscript echo.sh” script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. NOTE: this issue was SPLIT from CVE-2013-6771 per ADT2 due to different vulnerability types.

Affected configurations

Nvd

Node

splunksplunkRange≤5.0.4

splunksplunkMatch5.0

splunksplunkMatch5.0.1

splunksplunkMatch5.0.2

splunksplunkMatch5.0.3

VendorProductVersionCPE
splunksplunk*cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*:*
splunksplunk5.0cpe:2.3:a:splunk:splunk:5.0:*:*:*:*:*:*:*
splunksplunk5.0.1cpe:2.3:a:splunk:splunk:5.0.1:*:*:*:*:*:*:*
splunksplunk5.0.2cpe:2.3:a:splunk:splunk:5.0.2:*:*:*:*:*:*:*
splunksplunk5.0.3cpe:2.3:a:splunk:splunk:5.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
splunk	splunk	*	cpe:2.3:a:splunk:splunk::::::::
splunk	splunk	5.0	cpe:2.3:a:splunk:splunk:5.0:::::::*
splunk	splunk	5.0.1	cpe:2.3:a:splunk:splunk:5.0.1:::::::*
splunk	splunk	5.0.2	cpe:2.3:a:splunk:splunk:5.0.2:::::::*
splunk	splunk	5.0.3	cpe:2.3:a:splunk:splunk:5.0.3:::::::*