Lucene search

PRIOn knowledge basePRION:CVE-2012-3366

HistoryJul 03, 2012 - 4:40 p.m.

Code injection

2012-07-0316:40:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

74.8%

JSON

The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).

CPENameOperatorVersion
bcfg2eq1.2.0
bcfg2eq1.2.0 rc2

CPE	Name	Operator	Version
	bcfg2	eq	1.2.0
	bcfg2	eq	1.2.0 rc2

References

permalink.gmane.org/gmane.comp.sysutils.bcfg2.devel/4539

secunia.com/advisories/49629

secunia.com/advisories/49690

www.debian.org/security/2012/dsa-2503

www.securityfocus.com/bid/54217

exchange.xforce.ibmcloud.com/vulnerabilities/76616

github.com/Bcfg2/bcfg2/commit/a524967e8d5c4c22e49cd619aed20c87a316c0be

8.1 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

74.8%

JSON

Related for PRION:CVE-2012-3366