Vulnerability Details CVE-2012-5520
The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://archives.neohapsis.com/archives/bugtraq/2012-11/0047.html
- http://archives.neohapsis.com/archives/bugtraq/2012-11/0055.html
- http://archives.neohapsis.com/archives/bugtraq/2012-11/0059.html
- http://openwall.com/lists/oss-security/2012/11/13/12
- http://openwall.com/lists/oss-security/2012/11/13/9
- http://openwall.com/lists/oss-security/2012/11/14/11
- http://openwall.com/lists/oss-security/2012/11/14/5
- http://secunia.com/advisories/49128
- http://wald.intevation.org/scm/viewvc.php?view=rev&root=openvas&revision=14437
- http://www.openvas.org/OVSA20121112.html
- http://www.securityfocus.com/bid/56497
- http://archives.neohapsis.com/archives/bugtraq/2012-11/0047.html
- http://archives.neohapsis.com/archives/bugtraq/2012-11/0055.html
- http://archives.neohapsis.com/archives/bugtraq/2012-11/0059.html
- http://openwall.com/lists/oss-security/2012/11/13/12
- http://openwall.com/lists/oss-security/2012/11/13/9
- http://openwall.com/lists/oss-security/2012/11/14/11
- http://openwall.com/lists/oss-security/2012/11/14/5
- http://secunia.com/advisories/49128
- http://wald.intevation.org/scm/viewvc.php?view=rev&root=openvas&revision=14437
- http://www.openvas.org/OVSA20121112.html
- http://www.securityfocus.com/bid/56497
Products affected by CVE-2012-5520
-
cpe:2.3:a:openvas:openvas_manager:3.0
-
cpe:2.3:a:openvas:openvas_manager:3.0.0
-
cpe:2.3:a:openvas:openvas_manager:3.0.1
-
cpe:2.3:a:openvas:openvas_manager:3.0.2
-
cpe:2.3:a:openvas:openvas_manager:3.0.3