Lucene search

[email protected]CVE-2019-16072

HistoryMar 20, 2020 - 12:17 a.m.

CVE-2019-16072

2020-03-2000:17:08

CWE-78

[email protected]

web.nvd.nist.gov

cve

2019

16072

os command injection

netsas enigma nms

vulnerability

arbitrary code execution

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.727 High

EPSS

Percentile

98.1%

JSON

An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action.

Affected configurations

NVD

Node

netsasenigma_network_management_solutionRange≤65.0.0

CPENameOperatorVersion
netsas:enigma_network_management_solutionnetsas enigma network management solutionle65.0.0

CPE	Name	Operator	Version
netsas:enigma_network_management_solution	netsas enigma network management solution	le	65.0.0

References

www.mogozobo.com/?p=3647

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.727 High

EPSS

Percentile

98.1%

JSON

Related for CVE-2019-16072

packetstorm1 exploitpack1 cvelist1 checkpoint_advisories1 prion1 nvd1 exploitdb1