CVE-2012-3001
Published Oct 22, 2012
Last updated 12 years ago
Overview
- Description
- Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability."
- Source
- cret@cert.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 8.5
- Impact score
- 10
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-78
Social media
- Hype score
- Not currently trending
Evaluator
- Comment
- Per: http://www.mutiny.com/products.php "Mutiny is a virtual appliance that uses industry standard SNMP to gather information from IT Infrastructure, process and display the results in a multi-user web front-end that allows administrators and managers alike to quickly asses the health of their estate."
- Impact
- Per: http://www.kb.cert.org/vuls/id/841851 "Impact An authenticated attacker can run arbitrary commands on the appliance."
- Solution
- Per: http://www.kb.cert.org/vuls/id/841851 "Impact An authenticated attacker can run arbitrary commands on the appliance."
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mutiny:standard:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42F8884D-FCEB-405A-84DA-096286AAAA06",
"versionEndIncluding": "4.5-1.10"
},
{
"criteria": "cpe:2.3:a:mutiny:standard:4.4-1.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "88398549-6480-4C62-823B-D7098E26DA50"
},
{
"criteria": "cpe:2.3:a:mutiny:standard:4.5-1.03:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ED4A7A60-4590-467F-895D-E9F7D9181072"
},
{
"criteria": "cpe:2.3:a:mutiny:standard:4.5-1.05:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "780C439B-127E-44DE-A193-43458B2B9B33"
},
{
"criteria": "cpe:2.3:a:mutiny:standard:4.5-1.07:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6DA36096-D1F2-471E-91ED-4985BF6EDA4D"
}
],
"operator": "OR"
}
]
}
]