CVE-2018-16232

Published Oct 17, 2018
Last updated 4 days ago
CVSS high 8.8
Overview

Description: An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands.
Source: cve@mitre.org
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-78
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:1.49:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B0D188D-1FEF-4D8D-8F7B-FDEC5B1D5C62"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95E14CC2-01A9-4DAF-8C35-80EEE8261B05"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.1:core_update16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "010CC3DA-152C-43BA-ADEC-872437818293"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.11:core_update53:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16D54BA8-1213-4196-B8BF-F67D31091474"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.11:core_update54:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0D3621F-C72B-4F87-A159-784A5B9F12A7"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.11:core_update59:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DA7EB5C-60B3-4E7F-826B-F4FAF75A0B3D"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.11:core_update60:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2E6BA4C-342B-406F-B4DA-A493DFEF6CED"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.11:core_update62:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C632AB41-57BE-4AF4-8137-073018EB3D3D"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.11:core_update64:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B6EE7BE-B919-4C5C-B2AF-B0601F805469"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update66:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FB71E3F-EE6D-4FE8-ABDB-AC109FB48525"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update67:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81D6644A-A427-411D-AAA0-D30251361C0F"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update71:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCC6E491-E87F-41E2-908E-0D3DC54B98F7"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update72:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11AF1643-8CB1-48AE-A551-5BA3EE7DCCE1"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update73:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80D0B2A5-9BF2-45D0-8BD0-A13C8EDC088C"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update74:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B865AA4B-8E5F-435B-BAB8-A8683EE662A1"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update75:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F80F6AE-8839-4C88-BEB7-2748731B0506"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.13:core_update76:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "478865C5-0CC8-4C61-98B2-F710D4721577"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.13:rc_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E59A7FBC-4003-4B34-BA07-BC4FDCF50CF5"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.13:rc_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96DCD3B6-298D-4B75-8060-AD6672AD6082"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.15:76_rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02F4735A-4596-417E-8E66-B09D03D028E7"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.15:77_rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9F04F47-654D-492F-B297-CBD1E46A9339"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.15:77_rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E0674AC-5073-4A9E-8E41-118895C151E5"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.15:core_update79:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DA2BE93-0BE2-4BD9-8DE4-6C8F4FE2FD55"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.15:core_update81:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07391A2D-D0B5-4344-BE10-5AB92EBF4236"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.15:core_update82:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0143C1E8-8682-4BC0-860E-5D551590B912"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.15:core_update83:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DDDC3CB-6E59-4DEE-AA79-C5BC174D7D7E"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.15:core_update84:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35A65A36-F4D9-453B-AFEA-0FD221E024C5"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.15:core_update85:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AF36E7A-228E-438E-B4AE-16812AFD10CA"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.17:86_beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C838817-D42C-40E7-8848-CBF1ADFFCA72"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.17:87_rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25253D7E-25B1-4D5E-83BF-01B338620022"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update88:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57AF09F3-F92D-44A0-ACF5-5B6B71D61F22"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update89:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2B1998C-1DA4-42A0-9019-DEE2F2049CC9"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update91:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5A171F6-3F99-4D70-A890-8475DF21F9F7"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update93:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F31769AB-E4FF-46A8-A158-ACBB3A63F08D"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update95:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30DE72EB-6C09-42B8-9D03-AF7564CFC1C8"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update97:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "559D3B06-2736-47F2-8085-7EEB8CE388B0"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update98:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDA19615-FFCA-462A-8634-011C67E8742E"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.17:core_update99:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C18B6E06-7E8C-46CF-B047-F179C779A205"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update100:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FBF2D42-5DF7-43A4-8192-DB7EAC2FEA1B"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update101:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "075A68E4-0663-47EB-9142-F0ACDC279A34"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update102:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "121EC799-AB87-4EF8-A660-7E204CE9074C"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update105:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "614873BF-79C2-4059-90E9-B253BCD7DB12"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update106:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10719BE9-6312-4386-B35D-91C1E5385293"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update107:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD6E7DF7-0297-4CAD-B42F-7F00F9C44E49"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update108:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1FB0648-D928-404C-BFAA-C06504849E16"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update111:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2570142D-36DD-43AD-BC59-E7F6CB3E3B0A"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update112:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF8D4C98-B679-4749-BDFE-A927BE8FAD03"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update113:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "517C8F46-F0A1-4CB8-B4CE-9811F95127D8"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update114:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC6AF24F-B218-48DA-9B0B-6900AC102AA2"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update116:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E5D0AA0-BAC7-43EA-9C1F-F83A09355473"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update117:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4E0AB66-F1BE-436A-AD6A-432EA0BDEFAF"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update118:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00A9735D-9D6D-4D1A-AB10-8B5A3DBFDC8F"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update119:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12878218-7835-4B5D-A9DD-B16C80841340"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.19:core_update120:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0DF9BD4-732E-49D8-AB39-674CEA84257F"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.21:core_update122:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BCC19C9-A006-4052-AE58-5705A796B099"
          },
          {
            "criteria": "cpe:2.3:a:ipfire:ipfire:2.21:core_update123:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDBA596B-AD90-4B52-AE33-47D15EC97F85"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
