CVE-2007-1836
Severity Score
9.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The command line administration interface in Data Domain OS before 4.0.3.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain arguments to various commands, as demonstrated by the interface argument to the (1) ifconfig and (2) ping commands.
La linea de comando de la interafaz de administración en Data Domain OS anterior a 4.0.3.6 permite a usuarios remotos validados ejecutar comandos de su elección a través de los metacaracteres de la shell en ciertos argumentos en varios comandos, como se demostró por los argumentos del interfaz en los comandos (1) ifconfig y (2) ping.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-04-02 CVE Reserved
- 2007-04-03 CVE Published
- 2024-03-14 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/34537 | Vdb Entry | |
| http://secunia.com/advisories/24666 | Third Party Advisory | |
| http://securityreason.com/securityalert/2516 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/464085/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/23182 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33291 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Data Domain Search vendor "Data Domain" | Data Domain Os Search vendor "Data Domain" for product "Data Domain Os" | <= 4.0.3.5 Search vendor "Data Domain" for product "Data Domain Os" and version " <= 4.0.3.5" | - |
Affected
| ||||||