[email protected]CVE-2015-5453

HistoryJul 08, 2015 - 3:59 p.m.

CVE-2015-5453

2015-07-0815:59:05

CWE-77

[email protected]

web.nvd.nist.gov

cve-2015-5453

watchguard xcs

remote execution

shell metacharacters

nvd

7.5 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.4%

JSON

Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.

Affected configurations

NVD

Node

watchguardxcsMatch9.2

watchguardxcsMatch10.0

CPENameOperatorVersion
watchguard:xcswatchguard xcseq9.2
watchguard:xcswatchguard xcseq10.0

CPE	Name	Operator	Version
watchguard:xcs	watchguard xcs	eq	9.2
watchguard:xcs	watchguard xcs	eq	10.0

References

packetstormsecurity.com/files/132498/Watchguard-XCS-10.0-SQL-Injection-Command-Execution.html

packetstormsecurity.com/files/133721/Watchguard-XCS-Remote-Command-Execution.html

www.rapid7.com/db/modules/exploit/freebsd/http/watchguard_cmd_exec

www.security-assessment.com/files/documents/advisory/Watchguard-XCS-final.pdf

www.securityfocus.com/bid/75516

www.watchguard.com/support/release-notes/xcs/10/en-US/EN_Release_Notes_XCS_v10_0_Security_Hotfix/EN_Release_Notes_XCS_v10_0_Security_Hotfix.pdf

www.watchguard.com/support/release-notes/xcs/9/en-US/EN_ReleaseNotes_XCS_9_2_Security_Hotfix/EN_Release_Notes_XCS_v9_2_Security_Hotfix.pdf

www.exploit-db.com/exploits/38346/

7.5 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.4%

JSON

Related for CVE-2015-5453

nvd1 prion1 cvelist1