Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
Threat-Mapped Scoring
Score: 1.8
Priority: P4 - Informational (Low)
- S9 – Sabotage of System/App
EPSS
Score: 0.00911
Percentile: 0.74845
CVSS Scoring
CVSS v2 Score: 10.0
Severity:
Mapped CWE(s)
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
All CAPEC(s)
- CAPEC-108: Command Line Execution through SQL Injection
- CAPEC-15: Command Delimiters
- CAPEC-43: Exploiting Multiple Input Interpretation Layers
- CAPEC-6: Argument Injection
- CAPEC-88: OS Command Injection
CAPEC(s) with Mapped TTPs
Mapped ATT&CK TTPs
Affected Products
- cpe:2.3:a:mit:kerberos_ftp_client:*:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*