CVE-2010-4099

ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.exploit-db.com/exploits/15318	Exploit
http://www.securityfocus.com/bid/44421	Exploit
http://www.securitytracker.com/id?1024639
https://exchange.xforce.ibmcloud.com/vulnerabilities/62768

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:nitrosecurity:nitroview_esm_software:8.4.0a:*:*:*:*:*:*:*

OR	cpe:2.3:h:nitrosecurity:nitroview_esm:ns-esm-5205-r:::::::*
	cpe:2.3:h:nitrosecurity:nitroview_esm:ns-esm-5510-r:::::::*
	cpe:2.3:h:nitrosecurity:nitroview_esm:ns-esm-5750-r:::::::*
	cpe:2.3:h:nitrosecurity:nitroview_esm:ns-esm-x5:::::::*

History

No history.

Information

Published : 2010-10-27 19:00

Updated : 2024-02-04 17:54

NVD link : CVE-2010-4099

Mitre link : CVE-2010-4099

CVE.ORG link : CVE-2010-4099

JSON object : View

Products Affected

nitrosecurity

nitroview_esm_software
nitroview_esm

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2010-4099", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-10-27T19:00:11.377", "references": [{"url": "http://www.exploit-db.com/exploits/15318", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/44421", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1024639", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62768", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess."}, {"lang": "es", "value": "ess.pm en NitroSecurity NitroView ESM v8.4.0a, cuando ESSPMDebug est\u00e1 activada, permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en el par\u00e1metro Request a ess."}], "lastModified": "2017-08-17T01:33:06.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nitrosecurity:nitroview_esm_software:8.4.0a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D146C877-A003-4A4B-A1B2-EC063CD6E4F1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nitrosecurity:nitroview_esm:ns-esm-5205-r:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C6686418-D228-4631-8590-B9DC01BE2209"}, {"criteria": "cpe:2.3:h:nitrosecurity:nitroview_esm:ns-esm-5510-r:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D44A72B1-22B0-41B1-8151-ED9F91563468"}, {"criteria": "cpe:2.3:h:nitrosecurity:nitroview_esm:ns-esm-5750-r:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "83D22424-CB92-4347-B9C1-663DB644408A"}, {"criteria": "cpe:2.3:h:nitrosecurity:nitroview_esm:ns-esm-x5:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D2B64AE3-DD7F-4662-A4FE-4360D1CBEF55"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}