[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-1645Date: (C)2010-08-23   (M)2023-12-22


Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.5
Exploit Score: 8.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-41041
ADV-2010-2132
MDVSA-2010:160
RHSA-2010:0635
http://svn.cacti.net/viewvc?view=rev&revision=5778
http://svn.cacti.net/viewvc?view=rev&revision=5782
http://svn.cacti.net/viewvc?view=rev&revision=5784
http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php
http://www.cacti.net/release_notes_0_8_7f.php
https://bugzilla.redhat.com/show_bug.cgi?id=609115

CPE    26
cpe:/a:cacti:cacti:0.8.6
cpe:/a:cacti:cacti:0.8.7
cpe:/a:cacti:cacti:0.8.2
cpe:/a:cacti:cacti:0.8.3
...
CWE    1
CWE-20
OVAL    2
oval:org.secpod.oval:def:600724
oval:org.secpod.oval:def:600705

© SecPod Technologies