Vulnerability Details CVE-2014-3418
config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.272
EPSS Ranking 96.2%
CVSS Severity
CVSS v2 Score 10.0
References
- http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html
- http://seclists.org/fulldisclosure/2014/Jul/35
- http://www.exploit-db.com/exploits/34030
- http://www.securityfocus.com/archive/1/532709/100/0/threaded
- http://www.securityfocus.com/bid/68471
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94449
- https://github.com/depthsecurity/NetMRI-2014-3418
- http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html
- http://seclists.org/fulldisclosure/2014/Jul/35
- http://www.exploit-db.com/exploits/34030
- http://www.securityfocus.com/archive/1/532709/100/0/threaded
- http://www.securityfocus.com/bid/68471
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94449
- https://github.com/depthsecurity/NetMRI-2014-3418
Products affected by CVE-2014-3418
-
cpe:2.3:a:infoblox:netmri:6.0.2.42
-
cpe:2.3:a:infoblox:netmri:6.1.2
-
cpe:2.3:a:infoblox:netmri:6.2.1
-
cpe:2.3:a:infoblox:netmri:6.2.1.48
-
cpe:2.3:a:infoblox:netmri:6.8.2.11
-
cpe:2.3:a:infoblox:netmri:6.8.4