CVE-2018-17431 – Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution

https://notcve.org/view.php?id=CVE-2018-17431

Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL. La consola web en Comodo UTM Firewall, en versiones anteriores a la 2.7.0, permite a los atacantes remotos ejecutar código arbitrario sin autenticarse mediante una URL manipulada. Comodo Unified Threat Management Web Console version 2.7.0 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/48825 https://github.com/Fadavvi/CVE-2018-17431-PoC https://github.com/sanan2004/CVE-2018-17431-Comodo http://packetstormsecurity.com/files/159246/Comodo-Unified-Threat-Management-Web-Console-2.7.0-Remote-Code-Execution.html https://drive.google.com/file/d/0BzFJhNQNHcoTbndsUmNjVWNGYWNJaWxYcWNyS2ZDajluTDFz/view https://github.com/Fadavvi/CVE-2018-17431-PoC#confirmation-than-bug-exist-2018-09-25-ticket-id-xwr-503-79437 • CWE-287: Improper Authentication •